Method for streaming packet captures from network access devices to a cloud server over HTTP
First Claim
1. A system, comprising:
- a management server comprising a processor and a memory, configured to manage a plurality of network access devices by;
transmitting a bytecode to at least a portion of the network access devices, the bytecode representing one or more packet captures (PCAPs) filtering rules; and
generating merged PCAPs based on PCAPs captured by at least the portion of the plurality of network devices based on the bytecode;
wherein a PCAP stream received from network access device of the plurality of network access devices includes a PCAP header and a plurality of PCAP packets as a payload of the PCAP stream; and
wherein the PCAP header includes a first timestamp indicating time when a PCAP process of the network access device started.
0 Assignments
0 Petitions
Accused Products
Abstract
A system for streaming packet captures over the Internet includes multiple network access devices, each operating as one of a gateway device, a wireless access point, and a network switch, and a management server communicatively coupled to the network access devices over the Internet for managing the network access devices. The management server maintains a persistent hypertext transport protocol (HTTP) connection with each of the network access devices over the Internet. The management server is to generate a bytecode based on a filtering expression for packet captures (PCAPs) representing one or more PCAPs filtering rules, transmit the bytecode to the network access devices without requiring the network access devices to compile the PCAPs filtering rules, receive PCAPs from the network access devices captured by the network access devices based on the PCAPs filtering rules, and merge the PCAPs received from the network access devices into merged PCAPs.
363 Citations
17 Claims
-
1. A system, comprising:
-
a management server comprising a processor and a memory, configured to manage a plurality of network access devices by; transmitting a bytecode to at least a portion of the network access devices, the bytecode representing one or more packet captures (PCAPs) filtering rules; and generating merged PCAPs based on PCAPs captured by at least the portion of the plurality of network devices based on the bytecode; wherein a PCAP stream received from network access device of the plurality of network access devices includes a PCAP header and a plurality of PCAP packets as a payload of the PCAP stream; and wherein the PCAP header includes a first timestamp indicating time when a PCAP process of the network access device started. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method, comprising:
-
transmitting, by the management server, a bytecode to at least a portion of a plurality of network access devices, the bytecode representing one or more packet capture (PCAPs) filtering rules; and generating merged PCAPs based on PCAPs captured by at least the portion of the plurality of network devices based on the bytecode; wherein a PCAP stream received from network access device of the plurality of network access devices includes a PCAP header and a plurality of PCAP packets as a payload of the PCAP stream; and wherein the PCAP header includes a first timestamp indicating time when a PCAP process of the network access device started. - View Dependent Claims (9, 10, 11, 12)
-
-
13. A non-transitory machine-readable medium having instructions stored therein, which when executed by one or more processors of a management server, cause the one or more processors to:
-
transmit a bytecode to at least a portion of a plurality of network access devices, the bytecode representing one or more packet capture (PCAPs) filtering rules; and generate merged PCAPs based on PCAPs captured by at least the portion of the plurality of network devices based on the bytecode; wherein a PCAP stream received from network access device of the plurality of network access devices includes a PCAP header and a plurality of PCAP packets as a payload of the PCAP stream; and wherein the PCAP header includes a first timestamp indicating time when a PCAP process of the network access device started. - View Dependent Claims (14, 15, 16, 17)
-
Specification