FORM 2
THE PATENTS ACT, 1970
(39 OF 1970)
&
THE PATENT RULES, 2003
COMPLETE SPECIFICATION
(See section 10 and rule 13)
“METHOD AND SYSTEM FOR NETWORK TRAFFIC MANAGEMENT”
We, Jio Platforms Limited, an Indian National, of Office - 101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India.
The following specification particularly describes the invention and the manner in which it is to be performed.

METHOD AND SYSTEM FOR NETWORK TRAFFIC MANAGEMENT
FIELD OF THE INVENTION
[0001] Embodiments of the present disclosure generally relate to network
performance management systems. More particularly, embodiments of the present disclosure relate to methods and systems for network traffic management.
BACKGROUND
[0002] The following description of the related art is intended to provide
background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section is used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of the prior art.
[0003] Wireless communication technology has rapidly evolved over the
past few decades, with each generation bringing significant improvements and advancements. The first generation of wireless communication technology was based on analog technology and offered only voice services. However, with the advent of the second-generation (2G) technology, digital communication and data services became possible, and text messaging was introduced. 3G technology marked the introduction of high-speed internet access, mobile video calling, and location-based services. The fourth-generation (4G) technology revolutionized wireless communication with faster data speeds, better network coverage, and improved security. Currently, the fifth-generation (5G) technology is being deployed, promising even faster data speeds, low latency, and the ability to connect multiple devices simultaneously. With each generation, wireless communication technology has become more advanced, sophisticated, and capable of delivering more services to its users.

[0004] In a communication network, there are various nodes, components,
functional units, and flows that perform various tasks assigned for the functioning of the network. However, due to the complex architecture of the network, it is very difficult to perform analysis and tracking of various network related functions such as getting insight into network flows, identifying any anomaly in traffic patterns, deviation in application performance, subscriber session debugging and to have collaborative troubleshooting across different network domains (say 5GC, IMS etc.). Also, to make informed decisions regarding network infrastructure management and planning, it is further required to monitor the performance of the application as well as the entire network.
[0005] Further, over the period of time various solutions have been
developed to track and analyse the network flows, however such methods and systems are not reliable and efficient due to various factors such as consume more time in analysis, have limited deployment capabilities, require more specific hardware components for deployment, cost increasing systems, and the like.
[0006] Thus, in order to improve the radio access network capacity and
performance, as well as to overcome the above limitation, there is an imperative need in the art for unified and collaborative approach to analyse and debug subscriber sessions as well as to track performance and statistics of applications and network, which the present disclosure aims to address.
SUMMARY
[0007] This section is provided to introduce certain aspects of the present
disclosure in a simplified form that are further described below in the detailed description. This summary is not intended to identify the key features or the scope of the claimed subject matter.

[0008] According to an aspect of the present disclosure, a method for
network traffic management is disclosed. The method includes receiving, by a receiving unit, a set of protocol associated with a second set of network packets corresponding to network traffic, the second set of network packets is stored in a database. The method further includes validating, by a validating unit, the set of protocols based on a dataset comprising information associated with a plurality of protocols; decoding, by a decoding unit using one or more protocol decoders, the second set of network packets to extract traffic data from the second set of network packets, wherein the one or more protocol decoders are selected based on the validated set of protocols. The method includes analysing, by an analysing unit, the extracted traffic data to identify a set of traffic patterns and calculate one or more performance metrics. Thereafter, the method includes generating, by a generating unit, a report based on the analysis.
[0009] In an aspect, the method further comprises filtering, by a filter unit,
the set of network packets, wherein the filtering is based on a set of predefined parameters.
[00010] In an exemplary aspect of the present disclosure, the method further
comprises receiving, by the receiving unit, a first set of filtering parameters for filtering a first set of network packets corresponding to a network traffic, the first set of filtering parameters comprises at least one protocol associated with the first set of network packets; retrieving, by a retrieving unit, the filtered first set of network packets from at least one source based on the first set of filtering parameters; identifying, by an identifying unit, a type of session based on the at least one protocol; retrieving, by the retrieving unit, at least one identifier associated with the identified type of session; fetching, by a fetching unit, the second set of network packets from the first set of network packets based on the retrieved at least one identifier; and storing, by a storing unit, the second set of network packets in the database.

[00011] In an exemplary aspect of the present disclosure, the first set of
filtering parameters further comprises at least one of user equipment (UE) identifier (ID), source internet protocol (IP) address, destination IP address, source port number, destination port number, packet length, and time period.
[00012] In an exemplary aspect of the present disclosure, the type of session
comprises at least one of a hypertext transfer protocol 2 (HTTP2) session, a diameter session, and a packet forwarding control protocol (PFCP) session.
[00013] In an exemplary aspect of the present disclosure, the at least one
identifier comprises at least one of HTTP2 stream ID, diameter session ID, and PFCP session endpoint identifier (SEID) and fully qualified session identifier (F-SEID).
[00014] In an exemplary aspect of the present disclosure, the fetching further
comprises performing a reverse lookup to fetch the second set of packets matching the at least one identifier.
[00015] In an exemplary aspect of the present disclosure, the method further
comprises filtering, by a filtering unit, the second set of network packets, wherein the filtering is based on a second set of filtering parameters.
[00016] In an exemplary aspect of the present disclosure, the first set of
filtering parameters and the second set of filtering parameters are received from a user.
[00017] In an exemplary aspect of the present disclosure, the report is
generated based on the filtered second set of network packets.
[00018] In an exemplary aspect of the present disclosure, the method further
comprises storing, by a storing unit, the filtered second set of network packets.

[00019] In an exemplary aspect of the present disclosure, the one or more
performance metrics include at least one of round-trip time (RTT), packet loss rate, retransmission rate, throughput, and latency.
[00020] In an exemplary aspect of the present disclosure, the method further
comprises validating the protocol associated with each of the second set of network packets comprises checking for at least one of error and anomaly in a packet structure indicative of data corruption.
[00021] In an exemplary aspect of the present disclosure, the method further
comprises calculating one or more performance metrics includes measuring network latency, packet loss rate, throughput, and data transmission errors.
[00022] In an exemplary aspect of the present disclosure, the method further
comprises analysing the extracted traffic data is performed in real-time.
[00023] In an exemplary aspect of the present disclosure, the set of traffic
patterns comprises at least one of distribution of a set of protocols, a packet size, an inter-arrival times, and an occurrence of an event.
[00024] In an exemplary aspect of the present disclosure, the method further
comprises analysing further comprises identifying, by an identifying unit using a trained model, at least one of trend, recurrent problem, and potential improvement in network performance.
[00025] In an exemplary aspect of the present disclosure, the trained model
is trained based on a set of historical traffic data.
[00026] In an exemplary aspect of the present disclosure, the report is
generated in at least one of JavaScript Object Notation (JSON) format, and an

Extensible Markup Language (XML) format, a packet capture (PCAP) format, and a ladder diagram format.
[00027] In an exemplary aspect of the present disclosure, the method further
5 comprises displaying, by a display unit, the generated report through a user
interface.
[00028] In an exemplary aspect of the present disclosure, the decoding
further comprises extracting values for at least one of source IP address, destination
10 IP addresses, port, sequence number, and a flag option.
[00029] According to an aspect of the present disclosure, a system for
network traffic management is disclosed. The system comprises a receiving unit configured to receive a set of protocol associated with a second set of network
15 packets corresponding to network traffic, the second set of network packets is stored
in a database. The system further comprises a validating unit configured to validate the set of protocols based on a dataset comprising information associated with a plurality of protocols. The system further comprises a decoding unit configured to decode using one or more protocol decoders, the second set of network packets to
20 extract traffic data from the second set of network packets, wherein the one or more
protocol decoders are selected based on the validated set of protocols. The system further comprises an analysing unit configured to analyse the extracted traffic data to identify a set of traffic patterns and calculate one or more performance metrics. The system further comprises a generating unit configured to generate a report
25 based on the analysis.
[00030] According to yet another aspect of the present disclosure, a user
equipment (UE) is disclosed. The UE comprising: a processor configured to:
receive a set of protocol associated with a second set of network packets
30 corresponding to network traffic, the second set of network packets is stored in a
database; validate the set of protocols based on a dataset comprising information
7

associated with a plurality of protocols; decode, using one or more protocol
decoders, the second set of network packets to extract traffic data from the second
set of network packets, wherein the one or more protocol decoders are selected
based on the validated set of protocols; analyse the extracted traffic data to identify
5 a set of traffic patterns and calculate one or more performance metrics; and generate
a report based on the analysis.
[00031] Yet another aspect of the present disclosure may relate to a non-
transitory computer-readable storage medium storing instructions for network
10 traffic management, the storage medium comprising executable code which, when
executed by one or more units of a system, causes: a receiving unit to receive a set of protocol associated with a second set of network packets corresponding to network traffic, the second set of network packets is stored in a database; a validation unit to validate the set of protocols based on a dataset comprising
15 information associated with a plurality of protocols; a decoding unit to decode using
one or more protocol decoders, the second set of network packets to extract traffic data from the second set of network packets, wherein the one or more protocol decoders are selected based on the validated set of protocols; an analysing unit to analyse the extracted traffic data to identify a set of traffic patterns and calculate
20 one or more performance metrics; and a generating unit to generate a report based
on the analysis.
OBJECTS OF THE INVENTION
25 [00032] Some of the objects of the present disclosure, which at least one
embodiment disclosed herein satisfies are listed herein below.
[00033] It is an object of the present disclosure to provide a system and a
method for network traffic analysis and performance optimization for the
30 management of the operations in a network.
8

[00034] It is another object of the present disclosure to provide a method and
a system to track performance key parameters of applications and networks.
[00035] It is yet another object of the present disclosure to provide a flexible
5 method and system to get deploy over a variety of infrastructure such as on-
premises, edge, and public cloud networks.
[00036] It is yet another object of the present disclosure to provide a method
and system to perform near real-time subscriber tracing and historical session
10 analysis in a communication network.
[00037] It is yet another object of the present disclosure to provide a method
and system to alert the Network Management System (NMS) based on identification of any service degradation event in the network. 15
DESCRIPTION OF THE DRAWINGS
[00038] The accompanying drawings, which are incorporated herein, and
constitute a part of this disclosure, illustrate exemplary embodiments of the
20 disclosed methods and systems in which like reference numerals refer to the same
parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Also, the embodiments shown in the figures are not to be construed as limiting the disclosure, but the possible variants of the method
25 and system according to the disclosure are illustrated herein to highlight the
advantages of the disclosure. It will be appreciated by those skilled in the art that disclosure of such drawings includes disclosure of electrical components or circuitry commonly used to implement such components.
9

[00039] FIG. 1 illustrates an exemplary block diagram of a computing device
upon which the features of the present disclosure may be implemented in accordance with exemplary implementation of the present disclosure.
5 [00040] FIG. 2 illustrates an exemplary block diagram for a system for
network traffic management, in accordance with exemplary implementations of the present disclosure.
[00041] FIG. 3 illustrates a method flow diagram for network traffic
10 management, in accordance with exemplary implementations of the present
disclosure.
[00042] FIG. 4 illustrates another method flow diagram for network traffic
15 management, in accordance with exemplary implementations of the present
disclosure.
[00043] FIG. 5 illustrates an exemplary process flow diagram indicating
network traffic management, in accordance with exemplary embodiments of the
20 present disclosure.
[00044] The foregoing shall be more apparent from the following more
detailed description of the disclosure.
25 DETAILED DESCRIPTION
[00045] In the following description, for the purposes of explanation, various
specific details are set forth in order to provide a thorough understanding of
embodiments of the present disclosure. It will be apparent, however, that
30 embodiments of the present disclosure may be practiced without these specific
details. Several features described hereafter may each be used independently of one another or with any combination of other features. An individual feature may not
10

address any of the problems discussed above or might address only some of the problems discussed above.
[00046] The ensuing description provides exemplary embodiments only, and
5 is not intended to limit the scope, applicability, or configuration of the disclosure.
Rather, the ensuing description of the exemplary embodiments will provide those
skilled in the art with an enabling description for implementing an exemplary
embodiment. It should be understood that various changes may be made in the
function and arrangement of elements without departing from the spirit and scope
10 of the disclosure as set forth.
[00047] Specific details are given in the following description to provide a
thorough understanding of the embodiments. However, it will be understood by one
of ordinary skill in the art that the embodiments may be practiced without these
15 specific details. For example, circuits, systems, processes, and other components
may be shown as components in block diagram form in order not to obscure the embodiments in unnecessary detail.
[00048] Also, it is noted that individual embodiments may be described as a
20 process which is depicted as a flowchart, a flow diagram, a data flow diagram, a
structure diagram, or a block diagram. Although a flowchart may describe the
operations as a sequential process, many of the operations may be performed in
parallel or concurrently. In addition, the order of the operations may be re-arranged.
A process is terminated when its operations are completed but could have additional
25 steps not included in a figure.
[00049] The word “exemplary” and/or “demonstrative” is used herein to
mean serving as an example, instance, or illustration. For the avoidance of doubt,
the subject matter disclosed herein is not limited by such examples. In addition, any
30 aspect or design described herein as “exemplary” and/or “demonstrative” is not
necessarily to be construed as preferred or advantageous over other aspects or designs, nor is it meant to preclude equivalent exemplary structures and techniques
11

known to those of ordinary skill in the art. Furthermore, to the extent that the terms
“includes,” “has,” “contains,” and other similar words are used in either the detailed
description or the claims, such terms are intended to be inclusive—in a manner
similar to the term “comprising” as an open transition word—without precluding
5 any additional or other elements.
[00050] As used herein, a “processing unit” or “processor” or “operating
processor” includes one or more processors, wherein processor refers to any logic circuitry for processing instructions. A processor may be a general-purpose
10 processor, a special purpose processor, a conventional processor, a digital signal
processor, a plurality of microprocessors, one or more microprocessors in association with a (Digital Signal Processing) DSP core, a controller, a microcontroller, Application Specific Integrated Circuits, Field Programmable Gate Array circuits, any other type of integrated circuits, etc. The processor may
15 perform signal coding data processing, input/output processing, and/or any other
functionality that enables the working of the system according to the present disclosure. More specifically, the processor or processing unit is a hardware processor.
20 [00051] As used herein, “a user equipment”, “a user device”, “a smart-user-
device”, “a smart-device”, “an electronic device”, “a mobile device”, “a handheld device”, “a wireless communication device”, “a mobile communication device”, “a communication device” may be any electrical, electronic and/or computing device or equipment, capable of implementing the features of the present disclosure. The
25 user equipment/device may include, but is not limited to, a mobile phone, smart
phone, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, wearable device or any other computing device which is capable of implementing the features of the present disclosure. Also, the user device may contain at least one input means configured to receive an input from at least one of
30 a transceiver unit, a processing unit, a storage unit, a detection unit and any other
such unit(s) which are required to implement the features of the present disclosure.
12

[00052] As used herein, “storage unit” or “memory unit” refers to a machine
or computer-readable medium including any mechanism for storing information in
a form readable by a computer or similar machine. For example, a computer-
readable medium includes read-only memory (“ROM”), random access memory
5 (“RAM”), magnetic disk storage media, optical storage media, flash memory
devices or other types of machine-accessible storage media. The storage unit stores at least the data that may be required by one or more units of the system to perform their respective functions.
10 [00053] As used herein “interface” or “user interface refers to a shared
boundary across which two or more separate components of a system exchange information or data. The interface may also be referred to a set of rules or protocols that define communication or interaction of one or more modules or one or more units with each other, which also includes the methods, functions, or procedures
15 that may be called.
[00054] All modules, units, components used herein, unless explicitly
excluded herein, may be software modules or hardware processors, the processors being a general-purpose processor, a special purpose processor, a conventional
20 processor, a digital signal processor (DSP), a plurality of microprocessors, one or
more microprocessors in association with a DSP core, a controller, a microcontroller, Application Specific Integrated Circuits (ASIC), Field Programmable Gate Array circuits (FPGA), any other type of integrated circuits, etc.
25
[00055] As used herein the transceiver unit include at least one receiver and
at least one transmitter configured respectively for receiving and transmitting data, signals, information, or a combination thereof between units/components within the system and/or connected with the system.
30
[00056] As used herein, network packets relate to units of data formatted for
transmission across a network. The network packets contain a payload, which is the
13

actual data being transported, and headers that provide essential control information
such as source and destination addresses, sequence numbers, and error-checking
data. Network packets are fundamental to the process of data exchange in
telecommunications and computer networks, enabling efficient and reliable
5 communication between devices by following protocols such as IP (Internet
Protocol), TCP (Transmission Control Protocol), UDP (User Datagram Protocol), and others specified by 3GPP for mobile and wireless communication systems.
[00057] As used herein, network traffic relates to the flow of data packets
10 across a network infrastructure, encompassing the entirety of data communications
that traverse network nodes and devices. The network traffic includes all types of
data exchanged between user equipment (UE) and network elements such as base
stations, routers, and core network components. The network traffic can be
categorized into various types, including signalling traffic for network control and
15 management, as well as user plane traffic, which carries actual user data such as
voice, video, and internet browsing. Network traffic is measured in terms of parameters like bandwidth, latency, jitter, and packet loss, which are critical for assessing the performance and quality of service (QoS) of a network.
20 [00058] As used herein, protocol relates to a defined set of rules and
conventions for communication between network devices, enabling the exchange of information in a structured and standardized manner. The protocol specifies the procedures and formats for data transfer, including the establishment, management, and termination of connections, as well as the encoding, decoding, and
25 interpretation of messages. The protocols facilitate interoperability between diverse
devices and systems in a telecommunications network, covering various layers of the network architecture, from physical transmission to application-level interactions, thereby facilitating seamless and efficient communication across global mobile networks.
30
14

[00059] As used herein, protocol decoder relates to a functional component
within a network system that interprets and processes network protocol data units
(PDUs) by extracting and converting protocol-specific information into a readable
and analysable format. The process involves parsing various protocol layers, such
5 as the physical, data link, network, transport, and application layers, to decode
headers, payloads, and control information according to standardized protocol
specifications defined by 3GPP and other relevant standards bodies. The protocol
decoder enables the system to understand and analyse network traffic, facilitating
tasks such as traffic monitoring, performance analysis, and troubleshooting by
10 providing detailed insights into the structure and content of network
communications.
[00060] As used herein, traffic data relates to the information derived from
network packets that include various metrics and attributes essential for analysing
15 and optimizing network performance. The traffic data encompasses details such as
source and destination IP addresses, port numbers, protocol types, packet sizes, timestamps, sequence numbers, and other relevant metadata. This data is used to evaluate network conditions, monitor traffic flow, detect anomalies, and measure one or more performance metrics like latency, jitter, throughput, and packet loss.
20 By analysing traffic data, network administrators can gain insights into network
behaviour, identify potential issues, and implement strategies to enhance overall network efficiency and reliability.
[00061] As used herein, traffic pattern relates to the observed sequence and
25 characteristics of data packets transmitted across a network, including aspects such
as packet size distribution, inter-arrival times, flow duration, and protocol usage.
According to 3GPP standards, traffic patterns encompass the behaviour and
structure of traffic flows, which are critical for analysing network performance,
identifying anomalies, and optimizing network resources. These patterns provide
30 insights into how data traverses the network, helping to manage congestion,
enhance Quality of Service (QoS), and ensure efficient network operation. Traffic
15

patterns can be indicative of specific application behaviours, user activities, or network conditions, making them essential for effective network management and planning.
5 [00062] As used herein, one or more performance metrics relate to the
quantifiable measures used to evaluate the performance, efficiency, and reliability
of a network. The one or more performance metrics include, but are not limited to,
round-trip time (RTT), which measures the time taken for a signal to travel from
the source to the destination and back; packet loss rate, indicating the percentage of
10 packets that are sent but not successfully received; retransmission rate, reflecting
the frequency of packet retransmissions due to errors or loss; throughput, which assesses the rate of successful data transfer over a communication channel; and latency, representing the time delay experienced in the network.
15 [00063] As used herein, filtering relates to the process of selectively passing
network packets based on a set of predefined criteria to isolate specific traffic patterns and relevant data. The filtering involves examining packet attributes such as source and destination IP addresses, port numbers, protocol types, packet sizes, and timestamps, and allowing only those packets that meet the specified conditions
20 to proceed for further analysis. Filtering enhances the efficiency and focus of
network traffic analysis by excluding unnecessary data, thereby enabling targeted monitoring, and troubleshooting of network performance issues.
[00064] As used herein, data corruption relates to the alteration of data in a
25 way that renders it incorrect, incomplete, or unusable. The data corruption can occur
due to errors during the transmission, storage, or processing of data, leading to
discrepancies between the original and the received data. Data corruption can
manifest as changes in bit sequences, loss of data packets, or misinterpretation of
protocol information, potentially resulting in degraded performance, security
30 vulnerabilities, or system failures within telecommunications networks. Ensuring
data integrity is crucial for maintaining reliable and secure communication.
16

[00065] As used herein, GET refers to the method of retrieving data from a
server, typically involving a request for information or resources. In the context of
network traffic management, GET encompasses the process of obtaining network
5 packets, session identifiers, and protocol-specific details from various sources to
analyse network flows, one or more performance metrics, and traffic patterns.
[00066] As used herein, POST refers to the method of sending data to a server
to create or update resources, typically involving the transmission of substantial
10 information or data packets. In the context of network traffic management, POST
encompasses the process of submitting network traffic data, one or more performance metrics, and analysis results to a central database or server for further processing, storage, and retrieval.
15 [00067] As used herein, Hypertext Transfer Protocol (HTTP)/1.1 refers to the
version of the HTTP protocol that is used for transmitting hypertext requests and information on the World Wide Web. HTTP/1.1 is an application layer protocol designed to facilitate the exchange of data between clients (such as web browsers) and servers.
20
[00068] As used herein, SYN refers to the control flag within the TCP header
that is used to initiate a connection between two network nodes. When a SYN flag is set in a TCP packet, it signals the beginning of the three-way handshake process required to establish a reliable connection.
25
[00069] As used herein, ACK refers to the acknowledgment signal or
message sent by a receiving device to indicate successful receipt of data packets in a network communication. In the context of network protocols like TCP for ensuring reliable data transmission, confirming that data has been received correctly
30 and prompting the sender to continue transmitting subsequent packets.
17

[00070] As used herein, FIN refers to the control flag used in network
protocols, such as TCP, to indicate the termination of a connection. When a device
sends a packet with the FIN flag set, it signals the intention to close the
communication session, ensuring that no further data will be transmitted from the
5 sender.
[00071] As used herein, User-Agent refers to a header field in HTTP
(Hypertext Transfer Protocol) requests that identifies the client software making the
request. The field provides information about the software application, operating
10 system, device type, and the rendering engine used to access the web resource.
[00072] As used herein, Accept refers to an HTTP header field used by the
client to specify the media types that are acceptable for the response from the server.
The header allows the client to inform the server of the types of content it can
15 process, such as text/html, application/json, or image/png, enabling the server to
return the most appropriate format.
[00073] As used herein, Content-Type refers to a header field in HTTP
requests and responses that specifies the media type of the resource being sent or
20 received. The header indicates the format of the data in the body of the HTTP
message, enabling the receiving client or server to correctly interpret and process the content.
[00074] As used herein, Stream Control Transmission Protocol (SCTP)
25 refers to a transport-layer protocol designed to ensure reliable, in-sequence
transport of data between endpoints in a network. SCTP is particularly suited for
applications that require the management of multiple streams of data
simultaneously, offering features such as multi-homing support, resistance to
flooding and masquerade attacks, and the ability to transmit multiple streams in a
30 single association.
18

[00075] As used herein, Verification Tag refers to an identifier in the SCTP
that facilitates in establishing the integrity and authenticity of an SCTP packet
within an ongoing association. The Verification tag is included in the header of
every SCTP packet and is used by the receiving endpoint to verify that the packet
5 belongs to the current SCTP association, preventing the acceptance of stale or
invalid packets from previous associations.
[00076] As used herein, Transmission Sequence Number (TSN) refers to an
identifier assigned to each data chunk in the Stream Control Transmission Protocol
10 (SCTP). The TSN is used to ensure the reliable and ordered delivery of data across
a network. It helps in tracking the sequence of data chunks sent between communicating endpoints, allowing the receiver to detect any missing or out-of-order chunks.
15 [00077] As used herein, Stream Identifier refers to a field within the SCTP
that distinguishes individual streams within an SCTP association. Each association can support multiple streams, and the Stream Identifier (SI) is used to differentiate between these parallel streams, allowing independent sequencing of messages within each stream.
20
[00078] As used herein, Stream Sequence Number refers to a specific
identifier used within the SCTP to maintain the order of data chunks within a particular stream. Each stream in the SCTP association has its own sequence of data chunks, and the Stream Sequence Number such that these chunks are delivered and
25 processed in the correct order.
[00079] As used herein, TCP/IP refers to the communication protocols used
to interconnect network devices on the internet. TCP facilitates in establishing
reliable, ordered, and error-checked delivery of data between applications running
30 on hosts communicating via an IP network, while IP facilitates in the addressing
and routing of packets to ensure they reach the correct destination.
19

[00080] As used herein, user datagram protocol (UDP) refers to a
communication protocol used for establishing low-latency and loss-tolerant
connections between applications on the internet. UDP is connectionless and does
5 not guarantee the delivery, order, or integrity of packets, making it faster and more
efficient for applications where speed is critical and occasional data loss is acceptable. Common uses of UDP include real-time applications such as video streaming, online gaming, and DNS queries.
10 [00081] As used herein, Hypertext Transfer Protocol/2 (HTTP2) refers to the
version of the HTTP network protocol, which is configured such that to improve the performance and efficiency of web communications. HTTP2 enhances the traditional HTTP by introducing features such as multiplexing, header compression, and server push.
15
[00082] As used herein, DIAMETER refers to a network protocol designed
for authentication, authorization, and accounting (AAA) services, often used in telecommunications and IP-based networks. DIAMETER facilitates the communication between network access servers and the central servers that manage
20 AAA policies. DIAMETER messages contain information such as user credentials,
session details, and resource usage, which are crucial for managing access control, billing, and policy enforcement.
[00083] As used herein, packet forwarding control protocol (PFCP) refers to
25 a network protocol used in mobile core networks, particularly within the 5G and
4G LTE architectures, to manage and control the forwarding of user data packets.
PFCP operates between the control plane and the user plane, facilitating the
establishment, modification, and deletion of data sessions. PFCP manages tasks
such as setting up tunnels, defining forwarding policies, and managing quality of
30 service (QoS) parameters for efficient and reliable data transmission.
20

[00084] As used herein, define ladder diagram refers to a visual
representation of network packet flows and interactions, depicted in a sequential,
step-by-step format. The ladder diagram displays the chronological exchange of
packets between network entities, highlighting the communication sequence and
5 timing. Each step in the ladder diagram represents a network event, such as the
transmission or reception of a packet, and is typically organized with vertical lines
representing different network nodes or devices and horizontal arrows illustrating
the flow of data between them. The ladder diagram-based method of visualization
helps in understanding the intricate details of network sessions, diagnosing issues,
10 and analysing performance by providing a clear and structured view of the packet
exchanges and their timing.
[00085] As discussed in the background section, the current known solutions
have several shortcomings. The present disclosure aims to overcome the above-
15 mentioned and other existing problems in this field of technology by providing a
method and system for network traffic management.
[00086] The present disclosure aims to overcome the above-mentioned and
other existing problems in this field of technology by providing a method and
20 system for network traffic analysis and performance optimization, that is efficient
and reliable to get insight into network flows, identification of any anomaly in traffic patterns, monitoring deviation in application performance, efficient subscriber session debugging and to have a collaborative troubleshooting across different network domains. Further, the present invention provides a flexible
25 solution that can be deploy over a variety of infrastructure such as: on premise,
edge, and public cloud. The present system is also compatible on any commodity hardware which a service provider has without a need to invest any further. The proposed solution also provides real-time subscriber tracing and historical session analysis to pinpoint various network related problems. The present system also
30 efficiently monitors the performance of application as well as the entire network to
get decisions regarding network infrastructure management and planning. The
21

present system also allows to receive in advance or at the same time, any performance threshold breach, service degradation trend and potential bottleneck so that corrective measurement can be taken to avoid service outage.
5 [00087] More specifically, the proposed solution provides easy and logical
way to make informed decisions regarding network management and planning, real-time monitoring of key performance indicators (KPIs) for network say 5G core, evolved packet core (EPC), and IP multimedia subsystem (IMS) networks, helping network management team to quickly detect and diagnose performance issues. In
10 addition to that, the proposed solution can also be used to investigate and
troubleshoot issues that may have occurred in the past for a particular subscriber or for the overall network including issues related to network connectivity and application performance. Thus, the proposed system provides an end-to-end visibility into the subscriber sessions, performance of applications, networks, and
15 infrastructure across multiple domains (say 5GC, EPC, IMS deployed on bare metal
or as Containerised Network Functions).
[00088] Hereinafter, exemplary embodiments of the present disclosure will
be described with reference to the accompanying drawings.
20
[00089] FIG. 1 illustrates an exemplary block diagram of a computing device
[100] (also referred herein as a computer system [100]) upon which the features of
the present disclosure may be implemented in accordance with exemplary
implementation of the present disclosure. In an implementation, the computing
25 device [100] may also implement a method for network traffic management
utilising the system. In another implementation, the computing device [100] itself
implements the method for network traffic management using one or more units
configured within the computing device [100], wherein said one or more units are
capable of implementing the features as disclosed in the present disclosure.
30
[00090] The computing device [100] encompasses a wide range of electronic
devices capable of processing data and performing computations. Examples of
22

computing device [100] include, but are not limited only to, personal computers,
laptops, tablets, smartphones, servers, and embedded systems. The devices may
operate independently or as part of a network and can perform a variety of tasks
such as data storage, retrieval, and analysis. Additionally, computing device [100]
5 may include peripheral devices, such as monitors, keyboards, and printers, as well
as integrated components within larger electronic systems, highlighting their versatility in various technological applications.
[00091] The computing device [100] may include a bus [102] or other
10 communication mechanism for communicating information, and a processor [104]
coupled with bus [102] for processing information. The processor [104] may be, for
example, a general-purpose microprocessor. The computing device [100] may also
include a main memory [106], such as a random-access memory (RAM), or other
dynamic storage device, coupled to the bus [102] for storing information and
15 instructions to be executed by the processor [104]. The main memory [106] also
may be used for storing temporary variables or other intermediate information
during execution of the instructions to be executed by the processor [104]. Such
instructions, when stored in non-transitory storage media accessible to the processor
[104], render the computing device [100] into a special-purpose machine that is
20 customized to perform the operations specified in the instructions. The computing
device [100] further includes a read only memory (ROM) [108] or other static storage device coupled to the bus [102] for storing static information and instructions for the processor [104].
25 [00092] A storage device [110], such as a magnetic disk, optical disk, or
solid-state drive is provided and coupled to the bus [102] for storing information and instructions. The computing device [100] may be coupled via the bus [102] to a display [112], such as a cathode ray tube (CRT), Liquid crystal Display (LCD), Light Emitting Diode (LED) display, Organic LED (OLED) display, etc. for
30 displaying information to a computer user. An input device [114], including
alphanumeric and other keys, touch screen input means, etc. may be coupled to the
23

bus [102] for communicating information and command selections to the processor
[104]. Another type of user input device may be a cursor controller [116], such as
a mouse, a trackball, or cursor direction keys, for communicating direction
information and command selections to the processor [104], and for controlling
5 cursor movement on the display [112]. This input device typically has two degrees
of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allow the device to specify positions in a plane.
[00093] The computing device [100] may implement the techniques
10 described herein using customized hard-wired logic, one or more ASICs or FPGAs,
firmware, and/or program logic which in combination with the computing device
[100] causes or programs the computing device [100] to be a special-purpose
machine. According to one implementation, the techniques herein are performed by
the computing device [100] in response to the processor [104] executing one or
15 more sequences of one or more instructions contained in the main memory [106].
Such instructions may be read into the main memory [106] from another storage
medium, such as the storage device [110]. Execution of the sequences of
instructions contained in the main memory [106] causes the processor [104] to
perform the process steps described herein. In alternative implementations of the
20 present disclosure, hard-wired circuitry may be used in place of or in combination
with software instructions.
[00094] The computing device [100] also may include a communication
interface [118] coupled to the bus [102]. The communication interface [118]
25 provides a two-way data communication coupling to a network link [120] that is
connected to a local network [122]. For example, the communication interface [118] may be an integrated services digital network (ISDN) card, cable modem, satellite modem, or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, the communication
30 interface [118] may be a local area network (LAN) card to provide a data
communication connection to a compatible LAN. Wireless links may also be implemented. In any such implementation, the communication interface [118]
24

sends and receives electrical, electromagnetic, or optical signals that carry digital data streams representing various types of information.
[00095] The computing device [100] can send messages and receive data,
5 including program code, through the network(s), the network link [120] and the
communication interface [118]. In the Internet example, a server [130] might
transmit a requested code for an application program through the Internet [128], the
ISP [126], the Host [124], the local network [122] and the communication interface
[118]. The received code may be executed by the processor [104] as it is received,
10 and/or stored in the storage device [110], or other non-volatile storage for later
execution.
[00096] Referring to FIG. 2, an exemplary block diagram of a system [200]
for network traffic management is shown, in accordance with the exemplary
15 implementations of the present disclosure. The system [200] comprises at least one
receiving unit [202], at least one validating unit [204], at least one decoding unit [206], at least one analysing unit [208], at least one generating unit [210], at least one filtering unit [212], at least one identifying unit [214], at least one display unit [216], at least one storing unit [218], at least one retrieving unit [220], at least one
20 fetching unit [222]. Also, all of the components/ units of the system [200] are
assumed to be connected to each other unless otherwise indicated below. As shown in the FIG. 2 all units shown within the system [200] should also be assumed to be connected to each other. Also, in FIG. 2 only a few units are shown, however, the system [200] may comprise multiple such units or the system [200] may comprise
25 any such numbers of said units, as required to implement the features of the present
disclosure.
[00097] The system [200] is configured for network traffic management with
the help of the interconnection between the components/units of the system [200]. 30
25

[00098] The system [200] performs monitoring and network traffic analysis
in the network. In an exemplary aspect, the network may be such as, but not limited to, 5G network and other than 5G network (e.g., 4G network and 6G network).
5 [00099] The system [200] comprises a receiving unit [202] configured to
receive a set of protocols associated with a second set of network packets corresponding to network traffic, the second set of network packets is stored in a database. The receiving unit [202] may be communicatively attached with the storing unit [218]. The storing unit [218] may store the second set of network
10 packets in the database. In an operation, the receiving unit [202] may receive the
second set of network packets associated with voice call, data services, data web browsers, email clients, streaming services, and other applications. The receiving unit [202] is configured to receive and manage the set of protocols associated with different protocols, including but not limited only to transmission control
15 protocol/internet protocol (TCP/IP), user datagram protocol (UDP), and stream
control transmission protocol (SCTP), Hypertext Transfer Protocol/2 (HTTP2), DIAMETER and packet forwarding control protocol (PFCP). In an exemplary aspect, the data packet may be associated with one or more network nodes of 5G network such as, but not limited to, access and mobility management function
20 (AMF) and session management function (SMF). In an exemplary aspect, the data
packet may be associated with network devices such as, but not limited to, server, routers, and gateways.
[000100] The system [200] further comprises a validating unit [204]
25 communicatively coupled to the receiving unit [202]. The validating unit [204] is
configured to validate the set of protocols based on a dataset comprising
information associated with a plurality of protocols. In an aspect, validating the set
of protocols associated with each of the received set of network packets based on
the dataset comprises checking for an error in a network packet structure indicative
30 of data corruption. For example, the validating unit [204] can check the integrity of
the set of network packets (such as TCP/IP packets) by verifying the checksum field
26

in the packet header. If the checksum value does not match the calculated checksum
for the set of network packet data, the validating unit [204] flags this packet as
corrupted. This ensures that any packets with potential data corruption are identified
and managed appropriately, which is crucial for maintaining data integrity.
5 Additionally, the validating unit [204] can validate HTTP packets by inspecting the
HTTP headers. For example, it can check whether the headers contain all required
fields such as the request method (e.g., GET or POST, these are the request headers
which are used to provide additional information about the request), the URL, and
the protocol version (e.g., HTTP/1.1, HTTP/2 wherein HTTP stands for Hypertext
10 transfer protocol, and it is the primary protocol for transmission of information
across the internet). If any of these fields are missing or malformed, the validating unit [204] identifies the packet as invalid and may log the error or discard the packet.
15 [000101] The system [200] further comprises a decoding unit [206]
communicatively coupled to the validating unit [204]. The decoding unit [206] is configured to decode using one or more protocol decoders, the second set of network packets to extract traffic data from the second set of network packets, wherein the one or more protocol decoders are selected based on the validated set
20 of protocols.
[000102] The decoding involves interpreting the structure and content of each
network packet based on the specific protocols being used, ensuring that detailed and accurate traffic data is extracted for further analysis.
25
[000103] The decoding unit [206] utilizes the one or more protocol decoders,
wherein each of the one or more protocol decoders is configured to manage a specific network protocol. This modular approach thus allows the system [200] to decode the set of network packets flexibly and efficiently from different types of
30 network traffic. Further, the one or more protocol decoders are selected based on
the validated set of protocols (e.g., HTTP, TCP, and DIAMETER).
27

[000104] For example, the TCP/IP decoder interprets the fields within the
Transmission Control Protocol (TCP) and Internet Protocol (IP) headers, extracting
essential information such as source and destination IP addresses, port numbers,
sequence numbers, acknowledgment numbers, and control flags (e.g., SYN, ACK,
5 FIN, wherein the SYN flag is used to initiate a connection. Further, the ACK flag
is used to acknowledge the safe receipt of the data packets, and the initiation/ tear
down requests. Furthermore, the FIN flag denotes that the connection broke). For
example, a packet with a source IP address of 192.168.1.10 and a destination IP
address of 192.168.1.20, carrying a sequence number 12345 and acknowledgment
10 number 67890, can be decoded to understand the state and flow of the
communication between these two nodes.
[000105] In an exemplary embodiment, the decoding unit [206] may include
an HTTP decoder to parse Hypertext Transfer Protocol (HTTP) packets. It extracts
15 data from HTTP headers such as request methods (GET, POST), Uniform Resource
Locators (URLs), HTTP versions, and other header fields (e.g., User-Agent, Accept, Content-Type). In HTTP the User-Agent header field is intended to identify the user agent responsible for making a given HTTP request. Further, the Accept header field may be used by the user agents to specify response media types that
20 are acceptable, and the Content-Type header is used to indicate the media type of
the resource). For example, an HTTP request packet containing the method "GET", the URL "/index.html", and the header "User-Agent: Mozilla/5.0" can be decoded to analyse web traffic and user activity. In an exemplary embodiment, the decoding unit [206] also includes the SCTP (Stream Control Transmission Protocol) decoder
25 that is configured to manage the fields specific to SCTP, wherein Stream Control
Transmission Protocol (SCTP) is a transport-layer protocol that ensures reliable, in-sequence transport of data. It may extract the Verification Tag, Transmission Sequence Number (TSN), Stream Identifier, and Stream Sequence Number. In SCTP, the data chunks are numbered with transmission sequence number (TSN) in
30 order to control the data transfer. Further, in SCTP there is more than one stream in
each association, and each such stream should be identified using a Stream
28

Identifier (SI). Thus, the SCTP uses SI to distinguish between different streams.
Furthermore, the SCTP uses the stream sequence number (SSN) to distinguish
between different data chunks which belong to the same stream. Moreover, the
verification tag allows a receiver to verify that the SCTP packet belongs to the
5 current association and is not from a prior association. For example, an SCTP
packet with a Verification Tag of 123456, TSN 54321, Stream Identifier 1, and Stream Sequence Number 1 can be decoded to manage and monitor multi-stream communication sessions. In an exemplary embodiment, the decoding unit [206] also includes the UDP (User Datagram Protocol) decoder for UDP packets,
10 extracting source and destination IP addresses, port numbers, and length fields.
Also, the User Datagram Protocol (UDP) is a communications protocol primarily used to establish low-latency and loss-tolerating connections between applications on the internet. For instance, a UDP packet with a source port 1234 and a destination port 5678, carrying data of length 100 bytes, can be decoded to monitor real-time
15 applications like DNS queries or streaming services. In an exemplary embodiment
of encrypted HTTPS (Hypertext Transfer Protocol Secure) traffic, the decoding unit [206] may utilize a security module to decrypt the packets first. Once decrypted, the HTTP decoder can then parse the content to extract information similar to unencrypted HTTP traffic. This allows the system to analyse secure web traffic,
20 ensuring data privacy and security are maintained while still providing insights into
web usage patterns. In an embodiment, the decoding unit [206] can also be configured to decode DIAMETER protocol and packet forwarding control protocol (PFCP) protocol. In an embodiment, the decoding unit [206] can also be configured with custom protocol decoders for proprietary or less common protocols used in
25 specific applications or industries. These decoders may be configured for unique
packet structures and fields defined by these protocols, ensuring comprehensive data extraction. For example, a custom protocol used in industrial control systems may have specific header fields and data payload structures that the custom decoder can accurately interpret and extract.
30
29

[000106] The decoding further comprises extracting values for at least one of
the source IP addresses, destination IP addresses, user identifier (ID), node
identifier, stream ID, session ID, ports, sequence numbers, flags, options, and other
relevant protocol-specific information from the second set of network packets. The
5 decoding unit [206] extracts values for fields such as source and destination IP
addresses, user ID, ports, sequence numbers, flags, options, and other relevant protocol-specific information. The decoded information is then stored in a structured format, allowing users to easily read and analyse the packet contents.
10 [000107] The system [200] further comprises an analysing unit [208]
communicatively coupled to the decoding unit [206]. The analysing unit [208] is configured to analyse the extracted traffic data to identify a set of traffic patterns and calculate one or more performance metrics. The analysing unit [208] is further configured to process the extracted traffic data. The analysing unit [208] identifies
15 traffic patterns by examining parameters such as packet size, inter-arrival time, and
protocol usage. For example, by analysing the sequence and timing of packets in a TCP/IP flow, the analysing unit [208] can identify patterns like typical communication bursts, periods of inactivity, and anomalies indicating potential issues like network congestion or DoS (Denial of Service) attacks. To calculate one
20 or more performance metrics, the analysing unit [208] extracts and processes
perform metrics from the decoded packets such as round-trip time (RTT), packet loss rate, retransmission rate, throughput, and latency. For RTT, the analysing unit [208] measures the time difference between sending a packet and receiving the corresponding acknowledgement for assessing network latency. In a TCP
25 connection, RTT can be determined by comparing the timestamp of a data packet
and its acknowledgment packet. An unusually high RTT might indicate network congestion or routing issues.
[000108] For example, the analysing unit [208] calculates packet loss rate by
30 comparing the number of packets sent with the number of packets received. High
packet loss rates can degrade network performance significantly. For example, in a
30

UDP stream, if 100 packets are sent and only 90 are received, the packet loss rate
is 10%, which could indicate issues with network reliability. Similarly, the
retransmission rate is determined by identifying packets that are retransmitted due
to loss or errors. High retransmission rates can indicate network instability or poor
5 link quality. In a TCP flow, the analysing unit [208] identifies retransmissions by
examining sequence numbers. Frequent retransmissions may signal a problematic link or excessive interference in wireless networks.
[000109] Throughput is calculated by measuring the amount of data
10 successfully delivered over a network in a given time period. For example, the
analysing unit [208] can calculate throughput by summing the size of all
successfully delivered packets over a specific period to facilitate in understanding
the actual data transfer rate compared to the theoretical maximum. Latency, the time
taken for a packet to travel from the source to the destination, is another critical
15 metric, especially for real-time applications like VoIP and online gaming. The unit
measures latency by tracking the timestamps of packets as they traverse the network.
[000110] The analysing unit [208] is further configured for real-time analysis,
20 providing immediate insights into network performance, and enabling dynamic
network management. For example, during a live video conference, the analysing
unit [208] can continuously monitor metrics like jitter, latency, and packet loss to
ensure smooth and uninterrupted communication. Moreover, the analysing unit
[208] can utilise a machine learning model (such as a trained model) to identify
25 trends and recurrent problems. By training on historical traffic data, the trained
model can predict potential issues and suggest improvements for network
performance. For example, if the trained model identifies a recurring pattern of high
latency during specific times of the day, network administrators can investigate and
address the root cause.
30
31

[000111] In an embodiment of the present disclosure, the analysing unit [208]
is further configured to perform tracking and statistics of applications and networks.
The analysing unit [208] perform analysis of the key factors or consider the key
factors for performance measurement and latency calculation of a TCP connection.
5 The key factors include but are not limited to round-trip time (RTT) (identify the
time difference between the transmission of a packet and its corresponding acknowledgment), Advertised Receiver Window (It is a variable that advertises the amount of data that the destination side can receive), Raw Sequence Number (detect and quantify packet loss, aiding in performance evaluation), TCP Window Size
10 (amount of data a sender can transmit before receiving an acknowledgment),
delayed ACK analysis (wherein, delayed ACK is another technique used by some implementations of the TCP in an effort to improve network performance and reduce congestion). The system [200] correlates network packets to draw meaningful flow(s), decode all layers of the packet to extract the required
15 information necessary for performance measurement and latency calculation.
[000112] The analysing unit [208] is configured to identify, using the trained
model, at least one of trend, recurrent problem, and potential improvement in network performance. The analysing unit [208] utilizes artificial intelligence-based
20 machine learning (such as a trained model) and historical data to identify at least
one of trend, recurrent problem, and potential improvement in network performance. The analysing unit [208] utilizes the trained model that has been trained using historical network traffic data. The trained model can recognize patterns and anomalies in the network data, which allows it to make informed
25 predictions and identify significant trends. For example, by analysing traffic
patterns over time, the trained model can efficiently identify an increase in latency during specific hours of the day, indicating a potential congestion issue that needs to be addressed.
30 [000113] The trained model can recognize patterns and anomalies in the
network data by leveraging historical data and advanced machine learning algorithms. It continuously analyses vast amounts of network traffic data,
32

identifying normal behaviour patterns and deviations from these norms. By doing
so, the trained model can detect anomalies that may indicate potential issues, such
as unusual spikes in latency or packet loss, and predict future network behaviour
based on past trends. Additionally, by identifying significant trends, the model
5 helps network administrators optimize performance, manage resources more
efficiently, and enhance overall network reliability.
[000114] The analysing unit [208] is further configured for detecting recurrent
problems within the network. By examining historical data, the analysing unit [208]
10 can identify issues that occur repeatedly, such as frequent packet drops at a specific
router or consistent delays in a particular segment of the network. For example, if the trained model finds that packet loss spikes occur every Friday evening, it may point to a scheduled activity or a specific application causing the issue. This information facilitates the network administrators to diagnose and fix the root cause
15 of such recurrent problems. In an exemplary implementation, the analysing unit
[208] can suggest potential improvements in network performance. By analysing the data and recognizing inefficiencies, the trained model can recommend actions to optimize network performance. For example, if the unit identifies that certain network paths are consistently underutilized while others are overburdened, it might
20 suggest load balancing adjustments to distribute traffic more evenly across the
network. In another implementation, if the analysing unit [208] detects that specific types of traffic are causing bottlenecks, it could recommend prioritizing critical traffic to enhance overall performance. The trained model may further be utilised by the analysing unit [208] to continuously update with new data to improve its
25 accuracy and predictive capabilities. This ensures that the system remains effective
in identifying trends, problems, and opportunities for improvement even as network conditions and usage patterns evolve.
[000115] The system [200] further comprises a generating unit [210]
30 configured to generate a report based on the analysis. In an aspect, the report is
generated in at least one of JavaScript Object Notation (JSON) format, and an
33

Extensible Markup Language (XML) format, and standard network analysis file
format. The generating unit [210] of the system [200] generate reports summarizing
key findings, metrics, and recommendations for further action. The report displays
the decoded information in a structured format, highlighting key fields and values.
5 In an aspect, the report provides a packet display, which presents all packets of a
flow in a ladder diagram format, where the packet details can be seen by clicking
on one of the message transactions. The packet list view provides a summary of
matched packets, including information such as packet number, time, source and
destination addresses, protocols, network node, user identifier, session identifier
10 and other basic details. The packet list view enables quick scanning and navigation
through the captured packets. The detailed packet view presents the packet's various protocol layers, showing each layer's header fields, values, and descriptions.
[000116] In an aspect, the report is generated based on the filtered second set
15 of network packets. For example, a network administrator investigating high
latency and packet loss in video conferencing services uses the described method
for network traffic management. The receiving unit [202] collects network packets,
and the filtering unit [212] applies initial filters to focus on relevant traffic. The
retrieving unit [220] and fetching unit [222] further refine this set by targeting
20 specific protocols and session identifiers. The analysing unit [208] then decodes the
packets, calculates one or more performance metrics like latency and packet loss,
and identifies traffic patterns. The generating unit [210] compiles this analysis into
a report, available in formats like JSON, XML, PCAP, and ladder diagrams. The
report reveals that congestion at specific network nodes during peak times is
25 causing the issues, enabling the administrator to take targeted actions to improve
network performance.
[000117] In an aspect, the system [200] further comprises a display unit [216]
configured to display the generated report through a user interface. Next, the display
30 unit [216] of the system [200] is configured to display processed packets in a proper
format. In an implementation, the system [200] displays all packets of a flow in a
34

ladder diagram format, where the packet details can be seen by clicking to one of
the message transactions. The packet list view provides a summary of matched
packets, including information such as packet number, time, source and destination
addresses, protocols, and other basic details. This view allows the users or NMS to
5 quickly scan and navigate through the captured packets. The detailed packet view
presents the packet's various protocol layers, showing each layer's header fields, values, and descriptions.
[000118] In an exemplary implementation, the display unit [216] presents the
10 report in a visually intuitive and interactive format. It can include various elements
such as charts, graphs, tables, and textual summaries that make it easy to interpret the data. For example, one or more performance metrics like round-trip time (RTT), packet loss rate, throughput, and latency can be visualized in line graphs or bar charts, allowing users to quickly identify trends and anomalies. For example, one
15 practical application of the display unit [216] is in network operations centres
(NOCs), where real-time monitoring is critical. The user interface can be customized to show live updates of network performance, highlighting areas that need immediate attention. For instance, if there is a sudden spike in latency or packet loss, the display can use colour-coded alerts to draw the operator's attention
20 to the issue. Moreover, the display unit [216] allows users to interact with the report
data. Users can drill down into specific metrics, filter the data by time range or network segment, and view historical comparisons. For example, a network administrator might use the interface to filter the report to show only traffic related to a particular server, helping to diagnose performance issues specific to that server.
25
[000119] The first set of filtering parameters are received via the receiving unit
[202] from a user for filtering the first set of network packets. The first set of filtering parameters further comprises at least one of user equipment (UE) identifier (ID), source internet protocol (IP) address, destination IP address, source port
30 number, destination port number, packet length, and time period. In an example,
35

the at least one protocol associated may be at least one of, such as, but not limited to, TCP/IP, HTTP2, DIAMETER and FFCP.
[000120] In an operation, the first set of filtering parameters and the second
5 set of filtering parameters are received from a user. The first set of filtering
parameters and the second set of filtering parameters refers to criteria to selectively capture and analyse specific network packets from the overall network traffic. For example, the first set of filtering parameters might include user equipment (UE) identifier (ID), source and destination IP addresses, source and destination port
10 numbers, packet length, and a specified time period. These parameters allow the
system to filter out packets related to a particular user or session. The second set of filtering parameters, which could also be defined by the user, may further refine the selection by specifying additional criteria such as protocol type, application layer protocol fields, or specific keywords within the packet data. For example, a user
15 might filter HTTP packets by specifying the "User-Agent" header to only analyse
requests from a particular browser or use the "Content-Type" header to focus on specific types of content, such as "application/json" or "text/html.".
[000121] The system [200] further comprises a filtering unit [212]
20 communicatively coupled to the receiving unit [202]. The filtering unit [212] is
configured to filter the first set of network packets based on the first set of filtering
parameters, such as, but not limited to user equipment (UE) identifier (ID), source
internet protocol (IP) address, destination IP address, source port number,
destination port number, packet length, and time period. For example, if the first set
25 of filtering parameters specify a source IP address of 192.168.1.1 and a destination
port of 80, the filtering unit [212] will only allow packets matching these criteria to
pass through for further processing. In another example, filtering unit [212] may
filter the packet based on the user identifier, at least one protocol (e.g., HTTP2) for
a selected time period of 1 hour duration.
30
36

[000122] In an aspect, filtering unit [212] is configured to filter the second set
of network packets, wherein the filtering is based on the second set of filtering
parameters. The filtering unit [212] applies additional criteria (such as based on the
second set of filtering parameters) to further refine the network packets selected for
5 analysis, ensuring that only the most relevant data is considered. For example, the
second set of filtering parameters may include specific details such as destination IP addresses, source port numbers, packet lengths, and time periods. As an example, a network administrator might want to analyse traffic from a particular web server. The network administrator could set the filtering parameters to include destination
10 IP address 203.0.113.5 and destination port number 80, which corresponds to HTTP
traffic. Additionally, they might specify a time period, such as packets captured between 1 PM and 3 PM on a particular day. Another example could involve focusing on traffic related to a specific application by filtering packets that have a payload length greater than 1000 bytes, which might indicate significant data
15 transfers. By applying these parameters, the filtering unit [212] isolates the packets
of interest from the second set of network packets. Following this filtration, the generating unit [210] compiles a detailed report based on the filtered data, providing insights such as one or more performance metrics, traffic patterns, and potential issues. Network administrators can then use this report to make informed decisions
20 about network management and optimization.
[000123] It would be appreciated by the person skilled in the art that the
filtering unit [212] can also be used to manage network bandwidth more effectively. By filtering out non-critical traffic during peak usage times, the system can ensure
25 that essential services receive the necessary bandwidth. For example, in a video
conferencing system, the filtering unit [212] can prioritize packets related to the video and audio streams, filtering out less critical background traffic. Additionally, the filtering unit [212] supports dynamic filtering based on real-time conditions. For example, during a network congestion event, the filtering parameters can be
30 adjusted to prioritize high-priority traffic such as VoIP calls and emergency
communications.
37

[000124] The system [200] further comprises a retrieving unit [220]. The
retrieving unit [220] is communicatively coupled to the filtering unit [212]. The
retrieving unit [220] is configured to retrieve the filtered first set of network packets
5 from at least one source based on the first set of filtering parameters. For example,
the retrieving unit [220] may retrieve the filtered first set of network packets based on source IP address of 192.168.1.1. In an example, the retrieving unit [220] may retrieve the filtered first set of network packets based on at least one of user identifier, Subscription Permanent Identifier (SUPI), and session identifier.
10
[000125] The system [200] further comprises an identifying unit [214], which
is configured to identify a type of session based on the at least one protocol. In an operation, from the filtered first set of network packets, the identifying unit [214] may identify the type of session. The type of session comprises at least one of a
15 hypertext transfer protocol 2 (HTTP2) session, a diameter session, and a packet
forwarding control protocol (PFCP) session based on the at least one protocol associated with the filtered first set of network packets.
[000126] The identifying unit [214] is communicatively coupled with the
20 retrieving unit [220]. The retrieving unit [220] is further configured to retrieve at
least one identifier associated with the identified type of session. For example, the
retrieving unit [220] retrieves at least one identifier comprises at least one of HTTP2
stream ID, diameter session ID, and PFCP session endpoint identifier (SEID) and
fully qualified session identifier (F-SEID).
25
[000127] The system [200] further comprises a fetching unit [222]. The
fetching unit [222] is configured to fetch the second set of network packets from
the first set of network packets based on the retrieved at least one identifier. The
fetching unit [222] is communicatively coupled with the identifying unit [214]. The
30 fetching unit [222] further processes the first set of network packets based on the
retrieved at least one identifier. For example, based on the identifier such as HTTP2
stream ID, the fetching unit [222] may fetch the second set of network packets from
38

the first set of network packets. In an aspect, the fetching by the fetching unit [222]
further comprises performing a reverse lookup to fetch the second set of packets
matching the at least one identifier. As used herein, the performing reverse look up
refers to fetch the second set of packets matching the at least one identifier, such as
5 HTTP2 stream ID. The fetching unit [222] may fetch only matched packet based
on the at least one identifier from the first set of network packets and discard other packets.
[000128] In an aspect, the system [200] further comprises a storing unit [218]
10 configured to store the filtered second set of network packets. The fetching unit
[222] may store matched filtered packets into the storing unit [218]. In an aspect,
the storing unit [218] stores at least one captured packet, the set of protocol decode
rules, and the one or more search filters in an event of generation of the valid field
result. The storage unit [318] is further configured to store data associated with
15 implementation of the features of the present invention.
[000129] In an example, when a subscriber communicates, such as voice call,
in the network to other subscriber. The packets associated with voice call traffic of such subscriber and other subscribers of network may be captured by the system
20 [200]. The receiving unit [202] of the system [200] may receive a set of filtering
parameter such as user identifier, IP address, port number and time period associated with the voice call traffic provided by a user or network administrator. Based on the received filtering parameters such as user identifier, the filtering unit [212] filters the received packets associated with the voice call traffic. After the
25 filtering of the voice call traffic data, the retrieving unit [220] and identifying unit
[214] extracts the at least one type of session associated with protocol such as, but not limited to HTTP, PFCP and identifier associated with session type such as HTTP2 stream ID, (SE ID and F-SEID) associated with HTTP protocol and PFCP protocol respectively. Further, the fetching unit [222] fetches the matched packet
30 with at least one identifier, such as HTTP2 stream ID. Thereafter, the storing unit
39

[218] stores the fetched data packets in a database for further processing and analysing.
[000130] In an exemplary scenario, a network administrator tasked with
5 managing traffic for a large enterprise. The administrator uses the described method
to monitor and optimize network performance. The receiving unit [202] captures network packets across various protocols, such as HTTP, HTTPS, and PFCP, storing them in a central database. The validating unit [204] checks these protocols for compliance with standards. Next, the decoding unit [206] decodes the packets,
10 extracting crucial data like URLs, HTTP methods, and response times from HTTP
traffic. The analysing unit [208] then identifies traffic patterns and calculates one or more performance metrics such as latency and packet loss. To focus on specific traffic, the administrator sets filtering parameters, such as the source IP address (192.168.1.10) and a time period (9 AM to 5 PM). The retrieving unit [220] gathers
15 the relevant packets, and the identifying unit [214] determines session types,
retrieving session identifiers like HTTP/2 stream IDs. The fetching unit [222] collects all packets related to these sessions, which are stored by the storing unit [218]. The filtering unit [212] further refines this data based on additional user-defined parameters, such as filtering packets by a specific user equipment (UE)
20 identifier to isolate traffic from a particular device or specifying destination port
numbers to focus on HTTP traffic (port 80) versus HTTPS traffic (port 443). Another example of a user-defined parameter could be packet length, allowing the administrator to filter out packets below a certain size to focus on more significant data transfers. The generating unit [210] compiles a detailed report, highlighting
25 key metrics and trends. This report, displayed through the display unit [216] in
JSON format, provides the administrator with actionable insights to optimize network performance and address any detected issues in real-time.
[000131] Further, in accordance with the present disclosure, it is to be
30 acknowledged that the functionality described for the various the components/units
can be implemented interchangeably. While specific embodiments may disclose a
40

particular functionality of these units for clarity, it is recognized that various
configurations and combinations thereof are within the scope of the disclosure. The
functionality of specific units as disclosed in the disclosure should not be construed
as limiting the scope of the present disclosure. Consequently, alternative
5 arrangements and substitutions of units, provided they achieve the intended
functionality described herein, are considered to be encompassed within the scope of the present disclosure.
10 [000132] Referring to FIG. 3, an exemplary method flow diagram [300] for
network traffic management in accordance with exemplary implementations of the present disclosure is shown. In an implementation the method [300] is performed by the system [200]. Further, in an implementation, the system [200] may be present in a server device to implement the features of the present disclosure. Also, as
15 shown in FIG. 3, the method [300] starts at step [302].
[000133] Next, at step [304], the method [300] further comprises receiving by
a receiving unit [202], a set of network packets associated with a second set of network packets corresponding to network traffic, the second set of network packets
20 is stored in a database. The receiving unit [202] may communicatively attach with
a storing unit [218]. The storing unit [218] may store the second set of network packets in the database. In an operation, the receiving unit [202] may receive the second set of network packets associated with voice call, data services, data web browsers, email clients, streaming services, and other applications. The receiving
25 unit [202] is configured to receive and manage the set of protocol may be associated
with different protocols, including but not limited only to transmission control protocol/internet protocol (TCP/IP), user datagram protocol (UDP), and stream control transmission protocol (SCTP), Hypertext Transfer Protocol/2 (HTTP2), DIAMETER and packet forwarding control protocol (PFCP). In an exemplary
30 aspect, the data packet may be associated with one or more network nodes of 5G
network such as, but not limited to, access and mobility management function (AMF) and session management function (SMF). In an exemplary aspect, the data
41

packet may be associated with network devices such as, but not limited to, server, routers, and gateways.
[000134] Next, at step [306], the method [300] further comprises validating,
5 by a validation unit [204], the set of protocols based on a dataset comprising
information associated with a plurality of protocols. The system [200] further comprises a validating unit [204] communicatively coupled to the receiving unit [202], which validates the set of protocols. In an aspect, validating the set of protocols associated with each of the received set of network packets based on the
10 dataset comprises checking for an error in a network packet structure indicative of
data corruption. For example, the validating unit [204] can check the integrity of the set of network packets (such as TCP/IP packets) by verifying the checksum field in the packet header. If the checksum value does not match the calculated checksum for the set of network packet data, the validating unit [204] flags this packet as
15 corrupted. This ensures that any packets with potential data corruption are identified
and managed appropriately, which is crucial for maintaining data integrity. Additionally, the validating unit [204] can validate HTTP packets by inspecting the HTTP headers. For example, it can check whether the headers contain all required fields such as the request method (e.g., GET or POST, these are the request headers
20 which are used to provide additional information about the request), the URL, and
the protocol version (e.g., HTTP/1.1, HTTP/2 wherein HTTP stands for Hypertext transfer protocol, and it is the primary protocol for transmission of information across the internet). If any of these fields are missing or malformed, the validating unit [204] identifies the packet as invalid and may log the error or discard the
25 packet.
[000135] Next, at step [308], the method [300] further comprises decoding, by
a decoding unit [206] using one or more protocol decoders, the second set of
network packets to extract traffic data from the second set of network packets,
30 wherein the one or more protocol decoders are selected based on the validated set
of protocols. The decoding involves interpreting the structure and content of each
42

network packet based on the specific protocols being used, ensuring that detailed
and accurate traffic data is extracted for further analysis. The decoding unit [206]
utilizes the one or more protocol decoders, wherein each of the one or more protocol
decoders is configured to manage a specific network protocol. This modular
5 approach thus allows the system [200] to decode the set of network packets flexibly
and efficiently from different types of network traffic. Further, the one or more protocol decoders are selected based on the validated set of protocols (e.g., HTTP, TCP, and DIAMETER).
10 [000136] For example, the TCP/IP decoder interprets the fields within the
Transmission Control Protocol (TCP) and Internet Protocol (IP) headers, extracting essential information such as source and destination IP addresses, port numbers, sequence numbers, acknowledgment numbers, and control flags (e.g., SYN, ACK, FIN, wherein the SYN flag is used to initiate a connection. Further, the ACK flag
15 is used to acknowledge the safe receipt of the data packets, and the initiation/ tear
down requests. Furthermore, the FIN flag denotes that the connection broke). For example, a packet with a source IP address of 192.168.1.10 and a destination IP address of 192.168.1.20, carrying a sequence number 12345 and acknowledgment number 67890, can be decoded to understand the state and flow of the
20 communication between these two nodes.
[000137] In an exemplary embodiment, the decoding unit [206] may include
an HTTP decoder to parse Hypertext Transfer Protocol (HTTP) packets. It extracts data from HTTP headers such as request methods (GET, POST), Uniform Resource
25 Locators (URLs), HTTP versions, and other header fields (e.g., User-Agent,
Accept, Content-Type). In HTTP the User-Agent header field is intended to identify the user agent responsible for making a given HTTP request. Further, the Accept header field may be used by the user agents to specify response media types that are acceptable, and the Content-Type header is used to indicate the media type of
30 the resource). For example, an HTTP request packet containing the method "GET",
the URL "/index.html", and the header "User-Agent: Mozilla/5.0" can be decoded
43

to analyse web traffic and user activity. In an exemplary embodiment, the decoding
unit [206] also includes the SCTP (Stream Control Transmission Protocol) decoder
that is configured to manage the fields specific to SCTP, wherein Stream Control
Transmission Protocol (SCTP) is a transport-layer protocol that ensures reliable, in-
5 sequence transport of data. It may extract the Verification Tag, Transmission
Sequence Number (TSN), Stream Identifier, and Stream Sequence Number. In
SCTP, the data chunks are numbered with transmission sequence number (TSN) in
order to control the data transfer. Further, in SCTP there is more than one stream in
each association, and each such stream should be identified using a Stream
10 Identifier (SI). Thus, the SCTP uses SI to distinguish between different streams.
Furthermore, the SCTP uses the stream sequence number (SSN) to distinguish between different data chunks which belong to the same stream. Moreover, the verification tag allows a receiver to verify that the SCTP packet belongs to the current association and is not from a prior association. For example, an SCTP
15 packet with a Verification Tag of 123456, TSN 54321, Stream Identifier 1, and
Stream Sequence Number 1 can be decoded to manage and monitor multi-stream communication sessions. In an exemplary embodiment, the decoding unit [206] also includes the UDP (User Datagram Protocol) decoder for UDP packets, extracting source and destination IP addresses, port numbers, and length fields.
20 Also, the User Datagram Protocol (UDP) is a communications protocol primarily
used to establish low-latency and loss-tolerating connections between applications on the internet. For instance, a UDP packet with a source port 1234 and a destination port 5678, carrying data of length 100 bytes, can be decoded to monitor real-time applications like DNS queries or streaming services. In an exemplary embodiment
25 of encrypted HTTPS (Hypertext Transfer Protocol Secure) traffic, the decoding unit
[206] may utilize a security module to decrypt the packets first. Once decrypted, the HTTP decoder can then parse the content to extract information similar to unencrypted HTTP traffic.
30 [000138] The decoding allows the system to analyse secure web traffic,
ensuring data privacy and security are maintained while still providing insights into
44

web usage patterns. In an embodiment, the decoding unit [206] can also be
configured to decode DIAMETER protocol and packet forwarding control protocol
(PFCP) protocol. In an embodiment, the decoding unit [206] can also be configured
with custom protocol decoders for proprietary or less common protocols used in
5 specific applications or industries. These decoders may be configured for unique
packet structures and fields defined by these protocols, ensuring comprehensive data extraction. For example, a custom protocol used in industrial control systems may have specific header fields and data payload structures that the custom decoder can accurately interpret and extract. The decoding further comprises extracting
10 values for at least one of the source IP addresses, destination IP addresses, user
identifier (ID), node identifier, stream ID, session ID, ports, sequence numbers, flags, options, and other relevant protocol-specific information from the second set of network packets. The decoding unit [206] extracts values for fields such as source and destination IP addresses, user ID, ports, sequence numbers, flags, options, and
15 other relevant protocol-specific information. The decoded information is then
stored in a structured format, allowing users to easily read and analyse the packet contents.
[000139] Next, at step [310], the method [300] further comprises analysing,
20 by an analysing unit [208], the extracted traffic data to identify a set of traffic
patterns and calculate one or more performance metrics. The analysing unit [208]
is further configured to process the extracted traffic data. The analysing unit [208]
identifies traffic patterns by examining parameters such as packet size, inter-arrival
time, and protocol usage. For example, by analysing the sequence and timing of
25 packets in a TCP/IP flow, the analysing unit [208] can identify patterns like typical
communication bursts, periods of inactivity, and anomalies indicating potential
issues like network congestion or DoS (Denial of Service) attacks. To calculate one
or more performance metrics, the analysing unit [208] extracts and processes
perform metrics from the decoded packets such as round-trip time (RTT), packet
30 loss rate, retransmission rate, throughput, and latency. For RTT, the analysing unit
[208] measures the time difference between sending a packet and receiving the
45

corresponding acknowledgement for assessing network latency. In a TCP connection, RTT can be determined by comparing the timestamp of a data packet and its acknowledgment packet. An unusually high RTT might indicate network congestion or routing issues. 5
[000140] For example, the analysing unit [208] calculates packet loss rate by
comparing the number of packets sent with the number of packets received. High packet loss rates can degrade network performance significantly. For example, in a UDP stream, if 100 packets are sent and only 90 are received, the packet loss rate
10 is 10%, which could indicate issues with network reliability. Similarly, the
retransmission rate is determined by identifying packets that are retransmitted due to loss or errors. High retransmission rates can indicate network instability or poor link quality. In a TCP flow, the analysing unit [208] identifies retransmissions by examining sequence numbers. Frequent retransmissions may signal a problematic
15 link or excessive interference in wireless networks.
[000141] Throughput is calculated by measuring the amount of data
successfully delivered over a network in a given time period. For example, the analysing unit [208] can calculate throughput by summing the size of all
20 successfully delivered packets over a specific period to facilitate in understanding
the actual data transfer rate compared to the theoretical maximum. Latency, the time taken for a packet to travel from the source to the destination, is another critical metric, especially for real-time applications like VoIP and online gaming. The unit measures latency by tracking the timestamps of packets as they traverse the
25 network.
[000142] The analysing may further include employing analysing unit [208]
configured for real-time analysis, providing immediate insights into network
performance, and enabling dynamic network management. For example, during a
30 live video conference, the analysing unit [208] can continuously monitor metrics
like jitter, latency, and packet loss to ensure smooth and uninterrupted
46

communication. Moreover, the analysing unit [208] can utilise a machine learning
model (such as a trained model) to identify trends and recurrent problems. By
training on historical traffic data, the trained model can predict potential issues and
suggest improvements for network performance. For example, if the trained model
5 identifies a recurring pattern of high latency during specific times of the day,
network administrators can investigate and address the root cause.
[000143] In an embodiment of the present disclosure, the analysing further
includes performing tracking and statistics of applications and networks. The
10 analysing unit [208] perform analysis of the key factors or consider the key factors
for performance measurement and latency calculation of a TCP connection. The key factors include but are not limited to round-trip time (RTT) (identify the time difference between the transmission of a packet and its corresponding acknowledgment), Advertised Receiver Window (It is a variable that advertises the
15 amount of data that the destination side can receive), Raw Sequence Number (detect
and quantify packet loss, aiding in performance evaluation), TCP Window Size (amount of data a sender can transmit before receiving an acknowledgment), delayed ACK analysis (wherein, delayed ACK is another technique used by some implementations of the TCP in an effort to improve network performance and
20 reduce congestion). The system [200] correlates network packets to draw
meaningful flow(s), decode all layers of the packet to extract the required information necessary for performance measurement and latency calculation.
[000144] The analysing further includes identify, using the trained model, at
25 least one of trend, recurrent problem, and potential improvement in network
performance. The analysing unit [208] utilizes artificial intelligence-based machine
learning (such as a trained model) and historical data to identify at least one of trend,
recurrent problem, and potential improvement in network performance. The
analysing unit [208] utilizes the trained model that has been trained using historical
30 network traffic data. The trained model can recognize patterns and anomalies in the
network data, which allows it to make informed predictions and identify significant trends. For example, by analysing traffic patterns over time, the trained model can
47

efficiently identify an increase in latency during specific hours of the day, indicating a potential congestion issue that needs to be addressed.
[000145] The analysing further includes detecting recurrent problems within
5 the network. By examining historical data, the analysing unit [208] can identify
issues that occur repeatedly, such as frequent packet drops at a specific router or consistent delays in a particular segment of the network. For example, if the trained model finds that packet loss spikes occur every Friday evening, it may point to a scheduled activity or a specific application causing the issue. This information
10 facilitates the network administrators to diagnose and fix the root cause of such
recurrent problems. In an exemplary implementation, the analysing unit [208] can suggest potential improvements in network performance. By analysing the data and recognizing inefficiencies, the trained model can recommend actions to optimize network performance. For instance, if the unit identifies that certain network paths
15 are consistently underutilized while others are overburdened, it might suggest load
balancing adjustments to distribute traffic more evenly across the network. In another implementation, if the analysing unit [208] detects that specific types of traffic are causing bottlenecks, it could recommend prioritizing critical traffic to enhance overall performance. The trained model may further be utilised by the
20 analysing unit [208] to continuously update with new data to improve its accuracy
and predictive capabilities. This ensures that the system remains effective in identifying trends, problems, and opportunities for improvement even as network conditions and usage patterns evolve.
25 [000146] Next, at step [312], the method [300] further comprises generating,
by a generating unit [210], a report based on the analysis. In an aspect, the report is generated in at least one of JavaScript Object Notation (JSON) format, and an Extensible Markup Language (XML) format, a packet capture (PCAP) format, and a ladder diagram format. The generating unit [210] of the system [200] generate
30 reports summarizing key findings, metrics, and recommendations for further action.
The report displays the decoded information in a structured format, highlighting
48

key fields and values. In an aspect, the report provides a packet display, which
presents all packets of a flow in a ladder diagram format, where the packet details
can be seen by clicking on one of the message transactions. The packet list view
provides a summary of matched packets, including information such as packet
5 number, time, source and destination addresses, protocols, network node, user
identifier, session identifier and other basic details. The packet list view enables quick scanning and navigation through the captured packets. The detailed packet view presents the packet's various protocol layers, showing each layer's header fields, values, and descriptions.
10
[000147] In an aspect, the method [300] include displaying, by a display unit
[216], the generated report through a user interface. Next, the display unit [216] of the system [200] is configured to display processed packets in a proper format. In an implementation, the system [200] displays all packets of a flow in a ladder
15 diagram format, where the packet details can be seen by clicking to one of the
message transactions. The packet list view provides a summary of matched packets, including information such as packet number, time, source and destination addresses, protocols, and other basic details. This view allows the users or NMS to quickly scan and navigate through the captured packets. The detailed packet view
20 presents the packet's various protocol layers, showing each layer's header fields,
values, and descriptions.
[000148] In an exemplary implementation, the display unit [216] presents the
report in a visually intuitive and interactive format. It can include various elements
25 such as charts, graphs, tables, and textual summaries that make it easy to interpret
the data. For example, one or more performance metrics like round-trip time (RTT), packet loss rate, throughput, and latency can be visualized in line graphs or bar charts, allowing users to quickly identify trends and anomalies. For example, one application of the display unit [216] is in network operations centres (NOCs), where
30 real-time monitoring is critical. The user interface can be customized to show live
updates of network performance, highlighting areas that need immediate attention.
49

For instance, if there is a sudden spike in latency or packet loss, the display can use
colour-coded alerts to draw the operator's attention to the issue. Moreover, the
display unit [216] allows users to interact with the report data. Users can drill down
into specific metrics, filter the data by time range or network segment, and view
5 historical comparisons. For example, a network administrator might use the
interface to filter the report to show only traffic related to a particular server, helping to diagnose performance issues specific to that server.
[000149] The receiving unit [202] is configured to receive a first set of filtering
10 parameters for filtering a first set of network packets corresponding to a network
traffic, the first set of filtering parameters comprises at least one protocol associated
with the first set of network packets. In an operation, the first set of network packets
corresponding to the network traffic m associated with such as, but not limited to,
voice call service, data service, streaming service, and the like. In an exemplary
15 aspect, the first set of data packet may be associated with one or more network
nodes of 5G network such as, but not limited to, access and mobility management
function (AMF) and session management function (SMF). In an exemplary aspect,
the first set of data packet may be associated with network devices such as, but not
limited to, server, routers, and gateways.
20
[000150] The first set of filtering parameters are received via the receiving unit
[202] from a user for filtering the first set of network packets. The first set of
filtering parameters further comprises at least one of user equipment (UE) identifier
(ID), source internet protocol (IP) address, destination IP address, source port
25 number, destination port number, packet length, and time period. In an example,
the at least one protocol associated may be at least one of, such as, but not limited
to, TCP/IP, HTTP2, DIAMETER and FFCP.
[000151] In an operation, the first set of filtering parameters and the second
30 set of filtering parameters are received from a user. The first set of filtering
parameters and the second set of filtering parameters refers to criteria to selectively
capture and analyse specific network packets from the overall network traffic. For
50

example, the first set of filtering parameters might include user equipment (UE)
identifier (ID), source and destination IP addresses, source and destination port
numbers, packet length, and a specified time period. These parameters allow the
system to filter out packets related to a particular user or session. The second set of
5 filtering parameters, which could also be defined by the user, may further refine the
selection by specifying additional criteria such as protocol type, application layer
protocol fields, or specific keywords within the packet data. For example, a user
might filter HTTP packets by specifying the "User-Agent" header to only analyse
requests from a particular browser or use the "Content-Type" header to focus on
10 specific types of content, such as "application/json" or "text/html.".
[000152] The filtering unit [212] is configured to filter the first set of network
packets based on the first set of filtering parameters, such as, but not limited to user equipment (UE) identifier (ID), source internet protocol (IP) address, destination IP
15 address, source port number, destination port number, packet length, and time
period. For example, if the first set of filtering parameters specify a source IP address of 192.168.1.1 and a destination port of 80, the filtering unit [212] will only allow packets matching these criteria to pass through for further processing. In another example, filtering unit [212] may filter the packet based on the user
20 identifier, at least one protocol (e.g., HTTP2) for a selected time period of 1 hour
duration.
[000153] In an aspect, filtering unit [212] is configured to filter the second set
of network packets, wherein the filtering is based on the second set of filtering
25 parameters. The filtering unit [212] applies additional criteria (such as based on the
second set of filtering parameters) to further refine the network packets selected for analysis, ensuring that only the most relevant data is considered. For example, the second set of filtering parameters may include specific details such as destination IP addresses, source port numbers, packet lengths, and time periods. As an example,
30 a network administrator might want to analyse traffic from a particular web server.
The network administrator could set the filtering parameters to include destination
51

IP address 203.0.113.5 and destination port number 80, which corresponds to HTTP
traffic. Additionally, they might specify a time period, such as packets captured
between 1 PM and 3 PM on a particular day. Another example could involve
focusing on traffic related to a specific application by filtering packets that have a
5 payload length greater than 1000 bytes, which might indicate significant data
transfers. By applying these parameters, the filtering unit [212] isolates the packets
of interest from the second set of network packets. Following this filtration, the
generating unit [210] compiles a detailed report based on the filtered data, providing
insights such as one or more performance metrics, traffic patterns, and potential
10 issues. Network administrators can then use this report to make informed decisions
about network management and optimization.
[000154] It would be appreciated by the person skilled in the art that the
filtering unit [212] can also be used to manage network bandwidth more effectively.
15 By filtering out non-critical traffic during peak usage times, the system can ensure
that essential services receive the necessary bandwidth. For example, in a video conferencing system, the filtering unit [212] can prioritize packets related to the video and audio streams, filtering out less critical background traffic. Additionally, the filtering unit [212] supports dynamic filtering based on real-time conditions.
20 For example, during a network congestion event, the filtering parameters can be
adjusted to prioritize high-priority traffic such as VoIP calls and emergency communications.
[000155] Thereafter, the method [300] terminates at step [314].
25
[000156] For example, a telecom company managing a large 5G network,
which is experiencing intermittent performance issues affecting video streaming services. To address this, the company implements the described method for network traffic management. The method comprises: receiving, by a receiving unit
30 [202], a set of protocols associated with a second set of network packets
corresponding to the network traffic, with the second set of network packets stored in a database. The validating unit [204] then validates these protocols based on a
52

dataset comprising information associated with various protocols. This validation
process includes checking for errors and anomalies in the packet structure,
indicative of data corruption. Next, the decoding unit [206], using one or more
protocol decoders selected based on the validated protocols, decodes the second set
5 of network packets to extract traffic data. The analysing unit [208] then analyses
this extracted traffic data in real-time to identify traffic patterns, such as the distribution of protocols, packet sizes, inter-arrival times, and the occurrence of specific events. The analysis further includes calculating one or more performance metrics such as network latency, packet loss rate, throughput, and data transmission
10 errors. Using a trained model based on historical traffic data, the identifying unit
[214] identifies trends, recurrent problems, and potential improvements in network performance. The generating unit [210] then creates a report based on the analysis, which can be generated in formats like JavaScript Object Notation (JSON), Extensible Markup Language (XML), packet capture (PCAP), and ladder diagrams.
15 Finally, the display unit [216] displays the generated report through a user interface.
The network administrator at the telecom company can thus see from the report that during peak usage times, there are significant increases in latency and packet loss, particularly affecting video streaming services. The report, displayed in a ladder diagram format, shows that these issues are occurring at specific network nodes
20 managing heavy traffic loads. The network administrator identifies a trend of
recurrent congestion at these nodes and implements targeted optimizations, such as re-routing traffic and upgrading hardware, leading to a significant improvement in network performance and a better user experience for video streaming services.
25 [000157] FIG. 4 illustrates another method flow diagram for network traffic
management, in accordance with exemplary implementations of the present disclosure. In an implementation the method [400] is performed by the system [200]. Further, in an implementation, the system [200] may be present in a server device to implement the features of the present disclosure. Also, as shown in FIG.
30 4, the method [400] starts at step [402].
53

[000158] Next, at step [404], the method [400] further comprises receiving, by
a receiving unit [202], a set of filtering parameters for filtering a set of network
packets corresponding to a network traffic, the set of filtering parameters comprises
at least one protocol associated with the set of network packets. In an operation, the
5 set of network packets corresponding to the network traffic may be associated with
such as, but not limited to, voice call service, data service, streaming service, and the like. In an exemplary aspect, the set of data packet may be associated with one or more network nodes of 5G network such as, but not limited to, access and mobility management function (AMF) and session management function (SMF). In
10 an exemplary aspect, the set of data packet may be associated with network devices
such as, but not limited to, server, routers, and gateways. The first set of filtering parameters are received via the receiving unit [202] from a user for filtering the first set of network packets. The set of filtering parameters further comprises at least one of user equipment (UE) identifier (ID), source internet protocol (IP) address,
15 destination IP address, source port number, destination port number, packet length,
and time period. In an example, the at least one protocol associated may be at least one of, such as, but not limited to, TCP/IP, HTTP2, DIAMETER and FFCP.
[000159] Next, at step [406], the method [400] further comprises identifying,
20 by an identifying unit [214], a type of session identifier based on the at least one
protocol. In an operation, from the first set of network packets, the identifying unit
[214] may identify the type of session and session identifier. The type of session
comprises at least one of a hypertext transfer protocol 2 (HTTP2) session, a
diameter session, and a packet forwarding control protocol (PFCP) session based
25 on the at least one protocol associated with the set of network packets. After
identifying the session, the identifying unit [214] may identify at least one identifier comprises at least one of HTTP2 stream ID, diameter session ID, and PFCP session endpoint identifier (SEID) and fully qualified session identifier (F-SEID).
30 [000160] Next, at step [408], the method [400] further comprises filtering, by
a filtering unit [212], the set of network packets, based on the set of filtering
54

parameters and a type of session identifier based on the at least one protocol. The
filtering unit [212] may be communicatively coupled with the receiving unit [202]
and the identifying unit [214]. In an operation, the filtering unit [212] may filter the
set of network packets based on the filtering parameters such as, but not limited to,
5 user identifier, connection port number and time period and protocol and session
identifier such as HTTP2 and HTTP stream ID.
[000161] Next, at step [410], the method [400] further comprises combining,
the set of packets, by a fetching unit [222], based on the set of filtering parameters
10 and a type of session identifier based on the at least one protocol. The filtering unit
[212] may be communicatively coupled with the fetching unit [222]. For example, when a subscriber communicates in the network for a voice service or a data service, there may the set of packets associated with the communication session. The fetching unit [222] may combine all the packets from the set of packets associated
15 with the communication session. On receiving the filtering parameters such as user
identifier or Subscription Permanent Identifier (SUPI), connection port number and identified protocol session identifier such as, HTTP2 stream ID, the fetching unit [222] combines all the packets from the set of packets associated with the communication session. In an implementation, for example, twenty packets may be
20 associated with communication session. From the twenty packets, some packets
such as two packets may have user identifier. Further, five packets have HTTP stream ID, five packets have DIAMETER session ID, three packets may have PFCP session endpoint identifier (SEID) and fully qualified session identifier (F-SEID). Further, five packets may have connection port number or identifier. The fetching
25 unit [222] may combine all the packets based on the identified and matched user
identifier, one or more protocols, one or more session identifiers and connection port number for the communication session. The fetching unit [222] may discard non matched packets in the network.
30 [000162] Next, at step [412], the method [400] further comprises storing, by a
storing unit [218], the combined set of network packets in a database. The fetching unit [222] may be communicatively coupled with the storing unit [218]. The storing
55

unit [218] may store the combined set of network packets in the database for further
processing and analysing. Based on the stored set of network packets, the
performance of network service may be identified in a visual way via display unit
[216].
5
[000163] Thereafter, the method [400] terminates at step [414].
[000164] For example, a network administrator working for a telecom
company that provides 5G services receives multiple complaints from users in a
10 specific area about slow internet speeds and dropped connections during video
calls. To diagnose and resolve these issues, the network administrator employs the described method. First, the method involves receiving, by the receiving unit [202], a first set of filtering parameters from the network administrator. These parameters include filtering network packets associated with the PFCP protocol, user
15 equipment (UE) identifiers of the affected users, and a specific time period when
the issues were reported. The retrieving unit [220] then gathers the filtered PFCP packets from the network's monitoring system based on these parameters. Next, the identifying unit [214] determines that these packets belong to specific PFCP sessions related to the affected users. Following this, the retrieving unit [220]
20 identifies the relevant session endpoint identifiers (SEIDs) associated with these
PFCP sessions. Subsequently, the fetching unit [222] collects the second set of network packets corresponding to these SEIDs from the initially filtered set. Finally, the storing unit [218] stores this refined set of network packets in the database. With this refined data, the network administrator can conduct a detailed
25 analysis of the users' 5G sessions. By examining traffic patterns, calculating one or
more performance metrics like round-trip time (RTT), packet loss rate, and throughput, and identifying any anomalies, the administrator generates a comprehensive report. The report reveals that during peak usage times, there is significant congestion at a specific network node, leading to increased latency and
30 packet loss. Based on the insights, the network administrator implements targeted
optimizations, such as reconfiguring network routing and upgrading hardware at
56

the congested node, improving the overall network performance, and resolving the users' issues.
[000165] Referring to FIG. 5, an exemplary process flow diagram indicating
5 network traffic management is shown, in accordance with exemplary embodiments
of the present disclosure. The process [500] comprises in the following steps.
[000166] The process starts at step S1.
10 [000167] At Step S2, initialization of system modules occurs. The system
modules may be associated with such as, but not limited to, receiving unit, filtering unit, identifying unit, decoding unit, and storing unit.
[000168] At Step S3, loading all relevant protocol decoders, network function
15 details, packet data structures, and reassembly tables required for the subsequent
network traffic analysis and performance optimization process.
[000169] At Step S4, check if a search filter was passed. In an example, the
search filter may be associated with user identifier. 20
[000170] At Step S5, if a search filter is passed, the system reads the filter list
and pre-compiles it to prepare for efficient matching against the incoming network packets.
25 [000171] At Step S6, if no search filter is passed, the system accepts the raw
packets and protocol decode rules. These raw packets are the data captured from the network, and the decode rules define how these packets will be interpreted.
[000172] At Step S7, the protocol fields were passed for validity. This
30 validation ensures that the protocol fields in the received packets conform to
57

expected formats and standards. In an example, the protocol fields may be associated with such as HTTP2, DIAMETER and PFCP.
[000173] At Step S8, if the protocol fields are valid, the system stores the
5 packet decode rules and search filter into an in-memory file for analysis for
organizing the data before detailed processing begins. In an example, the search filter may comprise user identifier and time period.
[000174] At Step S9, processes the analysis file for each packet. This involves
10 reading each packet, storing it temporarily, and then decoding the packet using the
applicable protocol decoders.
[000175] At Step S10, read one packet and store it in a temporary buffer.
15 [000176] At Step S11, extract the packet data, eliminating any unnecessary
headers (like PCAP headers, if present) to focus on the actual payload of the packet.
[000177] At Step S12, decode the packet with the applicable protocol
decoder(s). This decoding process interprets the packet based on the protocol-
20 specific rules, extracting useful data fields.
[000178] At Step S13, apply the match filter to the decoded packet data. If the
packet matches the predefined filter criteria, it is stored in an in-memory structure for further analysis. 25
[000179] At Step S14, store it in an in-memory structure for further analysis.
[000180] At Step S15, check if there are more packets left in the analysis file.
If there are more packets, the process loops back to step S9. If no more packets are
30 left, the system proceeds to the next step.
58

[000181] At step S16, complete data in the configured format, such as JSON
or PCAP, wherein JSON stands for JavaScript Object Notation. JSON is a
lightweight format for storing and transporting data. JSON is often used when data
is sent from a server to a web page. Further, PCAP stands for Packet capture. Packet
5 capture is a networking practice involving the interception of data packets travelling
over a network. This output format is suitable for further analysis or reporting.
[000182] At step S17, clear temporary data structures and resets the filter
engine and decoders, preparing the system for the next analysis cycle. 10
[000183] At step S18, the process stops.
[000184] The present disclosure further discloses a non-transitory computer-
readable storage medium storing instruction for network traffic management, the
15 storage medium comprising executable code which, when executed by one or more
units of a system [200], cause a receiving unit [202] to receive a set of protocol associated with a second set of network packets corresponding to network traffic, the second set of network packets is stored in a database. Further, when the instructions executed cause a validating unit [204] to validate the set of protocols
20 based on a dataset comprising information associated with a plurality of protocols.
Further, when the instructions executed cause a decoding unit [206] to decode using one or more protocol decoders, the second set of network packets to extract traffic data from the second set of network packets, wherein the one or more protocol decoders are selected based on the validated set of protocols. Further, when the
25 instructions executed cause an analysing unit [208] to analyse the extracted traffic
data to identify a set of traffic patterns and calculate one or more performance metrics. Further, when the instructions executed cause a generating unit [210] to generate a report based on the analysis.
30 [000185] The present disclosure provides a user equipment (UE). The UE
comprising: a processor configured to: receive a set of protocol associated with a
59

second set of network packets corresponding to network traffic, the second set of
network packets is stored in a database; validate the set of protocols based on a
dataset comprising information associated with a plurality of protocols; decode,
using one or more protocol decoders, the second set of network packets to extract
5 traffic data from the second set of network packets, wherein the one or more
protocol decoders are selected based on the validated set of protocols; analyse the extracted traffic data to identify a set of traffic patterns and calculate one or more performance metrics; and generate a report based on the analysis.
10 [000186] As is evident from the above, the present disclosure provides a
technically advanced solution by providing a method and system for network traffic analysis and performance optimization that is efficient and reliable to get insight into network flows, identification of any anomaly in traffic patterns, monitoring deviation in application performance, efficient subscriber session debugging and to
15 have a collaborative troubleshooting across different network domains. Further, the
present invention provides a flexible solution that can be deployed over a variety of infrastructures such as on-premises, edge, and public cloud. The present system is also compatible on any commodity hardware which a service provider has without a need to invest any further. The present method and system also provide real-time
20 subscriber tracing and historical session analysis to pinpoint various network-
related problems. The present method and system also efficiently monitor the performance of the application as well as the entire network to make decisions regarding network infrastructure management and planning. The present method and system also allow for receiving in advance or at the same time any performance
25 threshold breach, service degradation trend and potential bottleneck so that
corrective measurements can be taken to avoid service outages.
[000187] Thus, the proposed method and system provide end-to-end visibility
into the subscriber sessions, performance of applications, networks, and
30 infrastructure across multiple domains (say 5GC, EPC, IMS deployed on bare metal
or as Containerised Network Functions).
60

[000188] The present disclosure provides performance optimization by
implementing a comprehensive method for network traffic analysis. This method
involves receiving and validating network packets, decoding them to extract traffic
5 data, and analysing this data to identify traffic patterns and calculate one or more
performance metrics such as latency, packet loss, and throughput. By generating
detailed reports based on this analysis and using a trained model to identify trends,
recurrent problems, and potential improvements, the system enables real-time
insights and proactive management of network performance.
10
[000189] It should be noted that the terms "first", "second", "primary",
"secondary", "target" and the like, herein do not denote any order, ranking, quantity,
or importance, but rather are used to distinguish one element from another.
15 [000190] Further, in accordance with the present disclosure, it is to be
acknowledged that the functionality described for the various components/units can be implemented interchangeably. While specific embodiments may disclose a particular functionality of these units for clarity, it is recognized that various configurations and combinations thereof are within the scope of the disclosure. The
20 functionality of specific units, as disclosed in the disclosure, should not be
construed as limiting the scope of the present disclosure. Consequently, alternative arrangements and substitutions of units, provided they achieve the intended functionality described herein, are considered to be encompassed within the scope of the present disclosure.
25
[000191] While considerable emphasis has been placed herein on the
disclosed embodiments, it will be appreciated that many embodiments can be made and that many changes can be made to the embodiments without departing from the principles of the present disclosure. These and other changes in the embodiments
30 of the present disclosure will be apparent to those skilled in the art, whereby it is to
be understood that the foregoing descriptive matter to be implemented is illustrative and non-limiting.
61

We Claim:
1. A method for network traffic management, comprising:
receiving, by a receiving unit [202], a set of protocol associated with a second set of network packets corresponding to network traffic, the second set of network packets is stored in a database;
validating, by a validating unit [204], the set of protocols based on a dataset comprising information associated with a plurality of protocols;
decoding, by a decoding unit [206] using one or more protocol decoders, the second set of network packets to extract traffic data from the second set of network packets, wherein the one or more protocol decoders are selected based on the validated set of protocols;
analysing, by an analysing unit [208], the extracted traffic data to atleast one of: identify a set of traffic patterns and calculate one or more performance metrics; and
generating, by a generating unit [210], a report based on the analysis.
2. The method as claimed in claim 1, wherein the method further comprises:
receiving, by the receiving unit [202], a first set of filtering parameters for filtering a first set of network packets corresponding to a network traffic, the first set of filtering parameters comprises at least one protocol associated with the first set of network packets;
retrieving, by a retrieving unit [220], the filtered first set of network packets from at least one source based on the first set of filtering parameters;
identifying, by an identifying unit [214], a type of session based on the at least one protocol;
retrieving, by the retrieving unit [220], at least one identifier associated with the identified type of session;
fetching, by a fetching unit [222], the second set of network packets from the first set of network packets based on the retrieved at least one identifier; and

storing, by a storing unit [218], the second set of network packets in the database.
3. The method as claimed in claim 2, wherein the first set of filtering parameters further comprises at least one of user equipment (UE) identifier (ID), source internet protocol (IP) address, destination IP address, source port number, destination port number, packet length, and time period.
4. The method as claimed in claim 2, wherein the type of session comprises at least one of a hypertext transfer protocol 2 (HTTP2) session, a diameter session, and a packet forwarding control protocol (PFCP) session.
5. The method as claimed in claim 2, wherein the at least one identifier comprises at least one of HTTP2 stream ID, diameter session ID, and PFCP session endpoint identifier (SEID) and fully qualified session identifier (F-SEID).
6. The method as claimed in claim 2, wherein the fetching further comprises performing a reverse lookup to fetch the second set of packets matching the at least one identifier.
7. The method as claimed in claim 1, wherein the method further comprises filtering, by a filtering unit [212], the second set of network packets, wherein the filtering is based on a second set of filtering parameters.
8. The method as claimed in claim 7, wherein the first set of filtering parameters and the second set of filtering parameters are received from a user.
9. The method as claimed in claim 7, wherein the report is generated based on the filtered second set of network packets.

10. The method as claimed in claim 7, wherein the method further comprises storing, by a storing unit [218], the filtered second set of network packets.
11. The method as claimed in claim 1, wherein the one or more performance metrics include at least one of round-trip time (RTT), packet loss rate, retransmission rate, throughput, and latency.
12. The method as claimed in claim 1, wherein validating the protocol associated with each of the second set of network packets comprises checking for at least one of error and anomaly in a packet structure indicative of data corruption.
13. The method as claimed in claim 1, wherein calculating one or more performance metrics includes measuring network latency, packet loss rate, throughput, and data transmission errors.
14. The method as claimed in claim 1, wherein analysing the extracted traffic data is performed in real-time.
15. The method as claimed in claim 1, wherein the set of traffic patterns comprises at least one of distribution of a set of protocols, a packet size, an inter-arrival times, and an occurrence of an event.
16. The method as claimed in claim 1, wherein the analysing further comprises identifying, by an identifying unit [214] using a trained model, at least one of trend, recurrent problem, and potential improvement in network performance.
17. The method as claimed in claim 16, wherein the trained model is trained based on a set of historical traffic data.
18. The method as claimed in claim 1, wherein the report is generated in at least one of JavaScript Object Notation (JSON) format, and an Extensible Markup

Language (XML) format, a packet capture (PCAP) format, and a ladder diagram format.
19. The method as claimed in claim 1, further comprises displaying, by a display unit [216], the generated report through a user interface.
20. The method as claimed in claim 1, wherein the decoding further comprises extracting values for at least one of source IP address, destination IP addresses, port, sequence number, and a flag option.
21. A system for network traffic management, the system comprising:
a receiving unit [202] configured to receive a set of protocol associated with a second set of network packets corresponding to network traffic, the second set of network packets is stored in a database;
a validating unit [204] configured to validate the set of protocols based on a dataset comprising information associated with a plurality of protocols;
a decoding unit [206] configured to decode using one or more protocol decoders, the second set of network packets to extract traffic data from the second set of network packets, wherein the one or more protocol decoders are selected based on the validated set of protocols;
an analysing unit [208] configured to analyse the extracted traffic data to identify a set of traffic patterns and calculate one or more performance metrics; and
a generating unit [210] configured to generate a report based on the analysis.
22. The system as claimed in claim 21, wherein the system further comprises:
the receiving unit [202] is configured to receive a first set of filtering parameters for filtering a first set of network packets corresponding to a network traffic, the first set of filtering parameters comprises at least one protocol associated with the first set of network packets;

a retrieving unit [220] configured to retrieve the filtered first set of network packets from at least one source based on the first set of filtering parameters;
an identifying unit [214] configured to identify a type of session based on the at least one protocol;
the retrieving unit [220] configured to retrieve at least one identifier associated with the identified type of session;
a fetching unit [222] configured to fetch the second set of network packets from the first set of network packets based on the retrieved at least one identifier; and
a storing unit [218] configured to store the second set of network packets in the database.
23. The system as claimed in claim 22, wherein the first set of filtering parameters further comprises at least one of user equipment (UE) identifier (ID), source internet protocol (IP) address, destination IP address, source port number, destination port number, packet length, and time period.
24. The system as claimed in claim 22, wherein the type of session comprises at least one of a hypertext transfer protocol 2 (HTTP2) session, a diameter session, and a packet forwarding control protocol (PFCP) session.
25. The system as claimed in claim 22, wherein the at least one identifier comprises at least one of HTTP2 stream ID, diameter session ID, and PFCP session endpoint identifier (SEID) and fully qualified session identifier (F-SEID).
26. The system as claimed in claim 22, wherein the fetching further comprises performing a reverse lookup to fetch the second set of packets matching the at least one identifier.

27. The system as claimed in claim 21, wherein the system further comprises a filtering unit [212] configured to filter the second set of network packets, wherein the filtering is based on a second set of filtering parameters.
28. The system as claimed in claim 27, wherein the first set of filtering parameters and the second set of filtering parameters are received from a user.
29. The system as claimed in claim 27, wherein the report is generated based on the filtered second set of network packets.
30. The system as claimed in claim 27, wherein the system further comprises storing unit [218] configured to store the filtered second set of network packets.
31. The system as claimed in claim 21, wherein the one or more performance metrics include at least one of round-trip time (RTT), packet loss rate, retransmission rate, throughput, and latency.
32. The system as claimed in claim 21, wherein validating the protocol associated with each of the second set of network packets comprises checking for at least one of error and anomaly in a packet structure indicative of data corruption.
33. The system as claimed in claim 21, wherein calculating one or more performance metrics includes measuring network latency, packet loss rate, throughput, and data transmission errors.
34. The system as claimed in claim 21, wherein analysing the extracted traffic data is performed in real-time.

35. The system as claimed in claim 21, wherein the set of traffic patterns comprises at least one of distribution of a set of protocols, a packet size, an inter-arrival times, and an occurrence of an event.
36. The system as claimed in claim 21, wherein the analysing unit [208] is further configured to identify using a trained model, at least one of trend, recurrent problem, and potential improvement in network performance.
37. The system as claimed in claim 36, wherein trained model is trained based on a set of historical traffic data.
38. The system as claimed in claim 21, wherein the report is generated in at least one of JavaScript Object Notation (JSON) format, and an Extensible Markup Language (XML) format, a packet capture (PCAP) format, and a ladder diagram format.
39. The system as claimed in claim 21, wherein the system further comprises a display unit [216] configured to display the generated report through a user interface.
40. The system as claimed in claim 21, wherein the decoding further comprises extracting values for at least one of source IP address, destination IP addresses, port, sequence number, and a flag option.
41. A user equipment (UE) comprising:
a processor configured to:
receive a set of protocol associated with a second set of network packets corresponding to network traffic, the second set of network packets is stored in a database;
validate the set of protocols based on a dataset comprising information associated with a plurality of protocols;

decode, using one or more protocol decoders, the second set of network packets to extract traffic data from the second set of network packets, wherein the one or more protocol decoders are selected based on the validated set of protocols;
analyse the extracted traffic data to identify a set of traffic patterns and calculate one or more performance metrics; and
generate a report based on the analysis.