Method for streaming packet captures from network access devices to a cloud server over HTTP

US 10,454,984 B2
Filed: 05/26/2017
Issued: 10/22/2019
Est. Priority Date: 03/14/2013
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a management server comprising a processor and a memory, configured to manage a plurality of network access devices by;

transmitting a bytecode to at least a portion of the network access devices, the bytecode representing one or more packet captures (PCAPs) filtering rules; and

generating merged PCAPs based on PCAPs captured by at least the portion of the plurality of network devices based on the bytecode;

wherein a PCAP stream received from network access device of the plurality of network access devices includes a PCAP header and a plurality of PCAP packets as a payload of the PCAP stream; and

wherein the PCAP header includes a first timestamp indicating time when a PCAP process of the network access device started.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for streaming packet captures over the Internet includes multiple network access devices, each operating as one of a gateway device, a wireless access point, and a network switch, and a management server communicatively coupled to the network access devices over the Internet for managing the network access devices. The management server maintains a persistent hypertext transport protocol (HTTP) connection with each of the network access devices over the Internet. The management server is to generate a bytecode based on a filtering expression for packet captures (PCAPs) representing one or more PCAPs filtering rules, transmit the bytecode to the network access devices without requiring the network access devices to compile the PCAPs filtering rules, receive PCAPs from the network access devices captured by the network access devices based on the PCAPs filtering rules, and merge the PCAPs received from the network access devices into merged PCAPs.

363 Citations

17 Claims

1. A system, comprising:
- a management server comprising a processor and a memory, configured to manage a plurality of network access devices by;
  
  transmitting a bytecode to at least a portion of the network access devices, the bytecode representing one or more packet captures (PCAPs) filtering rules; and
  
  generating merged PCAPs based on PCAPs captured by at least the portion of the plurality of network devices based on the bytecode;
  
  wherein a PCAP stream received from network access device of the plurality of network access devices includes a PCAP header and a plurality of PCAP packets as a payload of the PCAP stream; and
  
  wherein the PCAP header includes a first timestamp indicating time when a PCAP process of the network access device started.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the management server is configured to transmit the bytecode to at least the portion of the plurality of network access devices without requiring the portion of the plurality of network access devices to compile the PCAPs filtering rules.
  - 3. The system of claim 1, wherein the management server includes a web interface configured to provide a set of network management tools for configuring the plurality of network access devices over the Internet, andwherein the management server is configured to transmit the bytecode based on a filtering expression received via the web interface that specifies how the PCAPs are to be captured.
  - 4. The system of claim 1, wherein the management server maintains a persistent hypertext transport protocol (HTTP) connection with each of the plurality of network access devices.
  - 5. The system of claim 4, wherein each of the plurality of network access devices includes an HTTP server component running therein that communicates with an HTTP client component running within the management server to maintain the HTTP connection.
  - 6. The system of claim 5, wherein the management server is configured to stream the PCAPs a over the Internet via the HTTP connections between the management server and at least the portion of the plurality of network access devices.
  - 7. The system of claim 6, wherein the management server is configured to stream the PCAPs from the HTTP server components of the portion of the plurality of network access devices to the HTTP client component using an HTTP streaming protocol in which the PCAPs are transported in a plurality of HTTP chunks.

8. A method, comprising:
- transmitting, by the management server, a bytecode to at least a portion of a plurality of network access devices, the bytecode representing one or more packet capture (PCAPs) filtering rules; and
  
  generating merged PCAPs based on PCAPs captured by at least the portion of the plurality of network devices based on the bytecode;
  
  wherein a PCAP stream received from network access device of the plurality of network access devices includes a PCAP header and a plurality of PCAP packets as a payload of the PCAP stream; and
  
  wherein the PCAP header includes a first timestamp indicating time when a PCAP process of the network access device started.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein transmitting the bytecode to at least the portion of the network access devices is performed without requiring the portion of the plurality of network access devices to compile the PCAPs filtering rules.
  - 10. The method of claim 8, further comprising:
    - providing a set of network management tools on a web interface for configuring the plurality of network access devices over the Internet, wherein the transmitting transmits the bytecode based on a filtering expression received via the web interface to specify how the PCAPs are to be captured.
  - 11. The method of claim 8, wherein each of the plurality of network access devices includes an HTTP server component running therein that communicates with an HTTP client component running within the management server to maintain the HTTP connection.
  - 12. The method of claim 11, further comprising:
    - streaming the PCAPs from the HTTP server component of each of the portion of the plurality of network access devices to the HTTP client component using an HTTP streaming protocol in which the PCAPs are transported in a plurality of HTTP chunks.

13. A non-transitory machine-readable medium having instructions stored therein, which when executed by one or more processors of a management server, cause the one or more processors to:
- transmit a bytecode to at least a portion of a plurality of network access devices, the bytecode representing one or more packet capture (PCAPs) filtering rules; and
  
  generate merged PCAPs based on PCAPs captured by at least the portion of the plurality of network devices based on the bytecode;
  
  wherein a PCAP stream received from network access device of the plurality of network access devices includes a PCAP header and a plurality of PCAP packets as a payload of the PCAP stream; and
  
  wherein the PCAP header includes a first timestamp indicating time when a PCAP process of the network access device started.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The non-transitory machine-readable medium of claim 13, wherein the execution of the instructions by the one or more processors causes the processor to transmit the bytecode to at least the portion of the network access devices without requiring the network access devices to compile the PCAPs filtering rules.
  - 15. The non-transitory machine-readable medium of claim 13, wherein the execution of the instructions by the one or more processors causes the processor to,provide a set of network management tools, via a web interface, for configuring the plurality of network access devices over the Internet,transmit the bytecode based on a filtering expression received from the web interface that specifies how the PCAPs are to be captured.
  - 16. The non-transitory machine-readable medium of claim 13, wherein each of the network access devices includes an HTTP server component running therein that communicates with an HTTP client component running within the management server to maintain the HTTP connection.
  - 17. The non-transitory machine-readable medium of claim 16, wherein the execution of the instructions by the one or more processors causes the processor to stream the PCAPs from the HTTP server components of each of the portion of the plurality of network access devices to the HTTP client component using an HTTP streaming protocol in which the PCAPs are transported in a plurality of HTTP chunks.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Bicket, John, Chambers, Benjamin A.
Primary Examiner(s)
Doan, Duyen M

Application Number

US15/607,089
Publication Number

US 20170264663A1
Time in Patent Office

879 Days
Field of Search

709223-225, 709219
US Class Current
CPC Class Codes

H04L 41/0246   Exchanging or transporting ...

H04L 43/028   by filtering

H04L 43/04   Processing captured monitor...

H04L 49/25   Routing or path finding in ...

H04L 63/0227   Filtering policies mail mes...

H04L 65/762   at the source reformatting...

H04L 67/02   based on web technology, e....

H04L 9/40   Network security protocols

Method for streaming packet captures from network access devices to a cloud server over HTTP

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

363 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method for streaming packet captures from network access devices to a cloud server over HTTP

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

363 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links