Device for enabling trap and trace of internet protocol communications
First Claim
1. A network processing system for use in a network and operable to intercept communications flowing over the network, the network passing a plurality of data packets, which form a plurality of flows, the network processing system comprising:
- a learning state machine operable to identify characteristics of one or more of the flows and to compare the characteristics to a database of known signatures, one or more of the known signatures representing a search criteria, wherein when one characteristics of one or more of the flows matches the search criteria the learning state machine intercepts the flow.
5 Assignments
0 Petitions
Accused Products
Abstract
A network processing system is described that is able to monitor IP network traffic, including the ability to perform trap and trace on IP communications flowing over the IP network. The network processing system is able to scan the entire contents of data packets passing through it, and to associate related data packets into discrete sessions, or flows, which allows the network processing system to search for predetermined search criteria contained within those flows. If a flow is found to contain a predetermined search criteria, the network processing system is able to maintain a record of the flow or to replicate the flow and save it or send it to another IP address for monitoring. The monitoring of a flow can include the entire contents of the flow, or any subset of information in the flow such as call identifying information.
-
Citations
17 Claims
-
1. A network processing system for use in a network and operable to intercept communications flowing over the network, the network passing a plurality of data packets, which form a plurality of flows, the network processing system comprising:
a learning state machine operable to identify characteristics of one or more of the flows and to compare the characteristics to a database of known signatures, one or more of the known signatures representing a search criteria, wherein when one characteristics of one or more of the flows matches the search criteria the learning state machine intercepts the flow. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
10. A network processing system for use in a network, the network consisting of multiple flows each flow formed by multiple data packets, the network processing system operable to intercept selected flows in the network and comprising:
a learning state machines further comprising;
a traffic flow processor processing the data packets to associate each data packet with a particular flow, to maintain state for each flow, and to compare one or more flows to a database of known signatures, the data base of known signatures including predetermined search criteria such that a match with the predetermined search criteria within the database of known signatures causes the network processing system to monitor the flow;
a quality of service processor communicating with the traffic flow processor, the quality of service processor operable to assign the data packets into a quality of service queue corresponding to the associated flow. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
Specification