Correlating packets in communications networks
First Claim
1. A method comprising:
identifying, by a computing system, a plurality of packets received by a network device from a host located in a first network;
generating, by the computing system, a first plurality of log entries corresponding to the plurality of packets received by the network device;
identifying, by the computing system, a plurality of encrypted packets transmitted by the network device to a host located in a second network;
generating, by the computing system, a second plurality of log entries corresponding to the plurality of encrypted packets transmitted by the network device;
correlating, by the computing system and based on the first plurality of log entries corresponding to the plurality of packets received by the network device and the second plurality of log entries corresponding to the plurality of encrypted packets transmitted by the network device, the plurality of encrypted packets transmitted by the network device with the plurality of packets received by the network device; and
responsive to the correlating of the plurality of encrypted packets transmitted by the network device with the plurality of packets received by the network device:
generating, by the computing system and based on the correlating, one or more rules configured to identify packets received from the host located in the first network; and
provisioning a packet-filtering device with the one or more rules configured to identify packets received from the host located in the first network.
Abstract
A computing system may identify packets received by a network device from a host located in a first network and may generate log entries corresponding to the packets received by the network device. The computing system may identify packets transmitted by the network device to a host located in a second network and may generate log entries corresponding to the packets transmitted by the network device. Utilizing the log entries corresponding to the packets received by the network device and the log entries corresponding to the packets transmitted by the network device, the computing system may correlate the packets transmitted by the network device with the packets received by the network device.
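The abstract and claim 1 describe a pipeline: log the plaintext packets a gateway receives from an inside host, log the encrypted packets it sends to an outside host, correlate the two logs, and turn the correlation into rules that a packet-filtering device can use to identify that inside host's traffic. The following Python is an added example written for this page; it is not code from the patent or its assignee. Everything in it is assumed for illustration: that the gateway rewrites the source address on egress (so the five-tuple alone cannot link the logs), that an encrypted egress packet leaves within `WINDOW` seconds of its plaintext and is larger by a bounded TLS record overhead (`MIN_OVERHEAD` to `MAX_OVERHEAD`), the CSV log layout, and the sample log lines, which are constructed. It also shows the failure mode a practitioner has to handle: an ingress packet with no egress entry inside the window stays uncorrelated and produces no rule.

```python
"""Correlate a gateway's plaintext ingress log with its encrypted egress log,
derive per-host filtering rules, and provision a (simulated) packet filter.

Added example for this page; all thresholds, log formats and sample data
are assumptions, not facts taken from the patent.
"""
from dataclasses import dataclass
import csv
import io

WINDOW = 0.050               # assumed: egress follows ingress within 50 ms
MIN_OVERHEAD = 5             # assumed: at least a 5-byte TLS record header
MAX_OVERHEAD = 5 + 16 + 255  # assumed: header + AEAD tag + max padding

# Constructed sample logs.  Ingress: plaintext packets from inside hosts
# (10.0.0.0/24) as received by the gateway.  Egress: encrypted packets the
# gateway sends on, source-rewritten to its own address 198.51.100.1.
INGRESS_LOG = """\
ts,src_ip,src_port,dst_ip,dst_port,length
1700000000.000,10.0.0.5,40001,203.0.113.10,443,517
1700000000.010,10.0.0.5,40001,203.0.113.10,443,1200
1700000000.030,10.0.0.7,40002,203.0.113.20,443,64
1700000000.500,10.0.0.9,40003,203.0.113.30,443,300
"""

EGRESS_LOG = """\
ts,src_ip,src_port,dst_ip,dst_port,length
1700000000.004,198.51.100.1,50001,203.0.113.10,443,543
1700000000.014,198.51.100.1,50001,203.0.113.10,443,1226
1700000000.031,198.51.100.1,50002,203.0.113.20,443,90
1700000001.200,198.51.100.1,50003,203.0.113.30,443,326
"""


def parse_log(text):
    """Parse a CSV packet log into dicts with numeric ts/port/length fields."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["ts"] = float(row["ts"])
        row["src_port"] = int(row["src_port"])
        row["dst_port"] = int(row["dst_port"])
        row["length"] = int(row["length"])
        rows.append(row)
    return rows


def correlate(ingress, egress):
    """Pair each ingress entry with the earliest unclaimed egress entry that
    goes to the same destination, leaves within WINDOW, and is larger by a
    plausible TLS overhead.  Each egress entry is claimed at most once.
    Returns (pairs, unmatched_ingress)."""
    unclaimed = sorted(egress, key=lambda e: e["ts"])
    pairs, unmatched = [], []
    for i in sorted(ingress, key=lambda e: e["ts"]):
        for e in unclaimed:
            delta = e["ts"] - i["ts"]
            overhead = e["length"] - i["length"]
            same_dst = (e["dst_ip"], e["dst_port"]) == (i["dst_ip"], i["dst_port"])
            if same_dst and 0 <= delta <= WINDOW and MIN_OVERHEAD <= overhead <= MAX_OVERHEAD:
                pairs.append((i, e))
                unclaimed.remove(e)
                break
        else:  # no candidate inside the window: leave it uncorrelated
            unmatched.append(i)
    return pairs, unmatched


@dataclass(frozen=True)
class Rule:
    """A rule that identifies packets from one inside host to one destination."""
    src_ip: str
    dst_ip: str
    dst_port: int
    action: str = "log"


def generate_rules(pairs):
    """One rule per (inside host, destination) seen in correlated traffic;
    duplicates collapse, first-seen order is kept."""
    rules = {}
    for i, _e in pairs:
        rules.setdefault(Rule(i["src_ip"], i["dst_ip"], i["dst_port"]), None)
    return list(rules)


class PacketFilter:
    """Minimal stand-in for the packet-filtering device being provisioned."""

    def __init__(self):
        self.rules = []

    def provision(self, rules):
        self.rules.extend(rules)

    def identify(self, pkt):
        """Return the first rule matching a packet dict, or None."""
        for r in self.rules:
            if (r.src_ip, r.dst_ip, r.dst_port) == (pkt["src_ip"], pkt["dst_ip"], pkt["dst_port"]):
                return r
        return None


def run():
    """Full pipeline over the constructed logs: correlate, derive, provision."""
    pairs, unmatched = correlate(parse_log(INGRESS_LOG), parse_log(EGRESS_LOG))
    rules = generate_rules(pairs)
    pf = PacketFilter()
    pf.provision(rules)
    return pairs, unmatched, rules, pf


if __name__ == "__main__":
    pairs, unmatched, rules, pf = run()
    print(f"{len(pairs)} correlated, {len(unmatched)} uncorrelated ingress packets")
    for r in rules:
        print("rule:", r)
```

Two design points matter in practice. Egress entries are claimed once, so a burst of same-sized packets to one destination cannot all be attributed to a single ingress packet; and the timing and size bounds are deliberately conservative, since a window that is too wide or an overhead range that is too loose will attribute an outside host's traffic to the wrong inside host and provision a rule against it.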
24 Claims
1. A method comprising: (set out in full under First Claim above.)
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computing device comprising:
at least one processor; and
memory comprising instructions that, when executed by the at least one processor, cause the computing device to:
identify a plurality of packets received by a network device from a host located in a first network;
generate a first plurality of log entries corresponding to the plurality of packets received by the network device;
identify a plurality of encrypted packets transmitted by the network device to a host located in a second network;
generate a second plurality of log entries corresponding to the plurality of encrypted packets transmitted by the network device;
correlate, based on the first plurality of log entries corresponding to the plurality of packets received by the network device and the second plurality of log entries corresponding to the plurality of encrypted packets transmitted by the network device, the plurality of encrypted packets transmitted by the network device with the plurality of packets received by the network device; and
responsive to the correlating of the plurality of encrypted packets transmitted by the network device with the plurality of packets received by the network device:
generate, based on the correlating, one or more rules configured to identify packets received from the host located in the first network; and
provision a packet-filtering device with the one or more rules configured to identify packets received from the host located in the first network.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. One or more non-transitory computer-readable media comprising instructions that, when executed by one or more processors of a computing system, cause the computing system to:
identify a plurality of packets received by a network device from a host located in a first network;
generate a first plurality of log entries corresponding to the plurality of packets received by the network device;
identify a plurality of encrypted packets transmitted by the network device to a host located in a second network;
generate a second plurality of log entries corresponding to the plurality of encrypted packets transmitted by the network device;
correlate, based on the first plurality of log entries corresponding to the plurality of packets received by the network device and the second plurality of log entries corresponding to the plurality of encrypted packets transmitted by the network device, the plurality of encrypted packets transmitted by the network device with the plurality of packets received by the network device; and
responsive to the correlating of the plurality of encrypted packets transmitted by the network device with the plurality of packets received by the network device:
generate, based on the correlating, one or more rules configured to identify packets received from the host located in the first network; and
provision a packet-filtering device with the one or more rules configured to identify packets received from the host located in the first network.
Dependent claims: 18, 19, 20, 21, 22, 23, 24