Device for enabling trap and trace of internet protocol communications
Abstract
A network processing system is described that is able to monitor IP network traffic, including the ability to perform trap and trace on IP communications flowing over the IP network. The network processing system is able to scan the entire contents of data packets passing through it, and to associate related data packets into discrete sessions, or flows, which allows the network processing system to search for predetermined search criteria contained within those flows. If a flow is found to contain a predetermined search criteria, the network processing system is able to maintain a record of the flow or to replicate the flow and save it or send it to another IP address for monitoring. The monitoring of a flow can include the entire contents of the flow, or any subset of information in the flow such as call identifying information.
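The abstract's point about associating packets into flows before searching can be illustrated with a short added example; it is not code from the patent or its assignee. The packet tuples, the signature name and the function names are hypothetical, and the sample packets are constructed. A search string that is split across two packets is missed by per-packet scanning and found once the flow is reassembled, and the resulting record keeps only flow-identifying metadata rather than the payload.

```python
from collections import defaultdict

# Constructed sample packets, deliberately out of order:
# (src_ip, src_port, dst_ip, dst_port, proto, seq, payload)
PACKETS = [
    ("10.0.0.5", 40001, "10.0.0.9", 5060, "tcp", 13, b"ice@example.test SIP/2.0\r\n"),
    ("10.0.0.7", 40002, "10.0.0.9", 80, "tcp", 0, b"GET /index.html HTTP/1.1\r\n"),
    ("10.0.0.5", 40001, "10.0.0.9", 5060, "tcp", 0, b"INVITE sip:al"),
]

# Hypothetical signature database: name -> byte pattern (the search criteria).
SIGNATURES = {"sip-callee-alice": b"sip:alice@example.test"}


def flow_key(pkt):
    """A flow is identified here by its 5-tuple (an assumption of this example)."""
    return pkt[:5]


def match_per_packet(packets, signatures):
    """Scan each packet in isolation; patterns spanning packets are missed."""
    hits = set()
    for pkt in packets:
        for name, pattern in signatures.items():
            if pattern in pkt[6]:
                hits.add((flow_key(pkt), name))
    return hits


def match_per_flow(packets, signatures):
    """Group packets into flows, reassemble by sequence number, then scan."""
    flows = defaultdict(list)
    for pkt in packets:
        flows[flow_key(pkt)].append(pkt)
    records = []
    for key, pkts in flows.items():
        stream = b"".join(p[6] for p in sorted(pkts, key=lambda p: p[5]))
        for name, pattern in signatures.items():
            if pattern in stream:
                # Record flow metadata only (a subset of the flow, not its contents).
                records.append({"flow": key, "signature": name,
                                "packets": len(pkts), "bytes": len(stream)})
    return records


if __name__ == "__main__":
    print("per-packet hits:", match_per_packet(PACKETS, SIGNATURES))
    print("per-flow records:", match_per_flow(PACKETS, SIGNATURES))
```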
28 Claims
1. A network processing system for use in a network and operable to intercept communications flowing over the network, the network passing a plurality of data packets, which form a plurality of flows, the network processing system comprising:
a learning state machine operable to identify characteristics of one or more of the flows and to compare the characteristics to a database of known signatures, one or more of the known signatures representing a search criteria, wherein when one or more characteristics of one or more of the flows matches the search criteria the learning state machine intercepts the flow by capturing information related to the flow.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 18, 19)

10. (Canceled)
11. (Canceled)
12. (Canceled)
13. (Canceled)
14. (Canceled)
15. (Canceled)
16. (Canceled)
17. (Canceled)

20. A method for intercepting communications flowing over a network, the network passing a plurality of data packets which form a plurality of flows, the method comprising:
receiving a flow from the one or more flows passing over the network;
comparing the flow to a database of known signatures, one or more of the signatures representing a search criteria;
intercepting capturing of information related to the flow when one or more characteristics of the flow matches the search criteria.
(Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28)

Specification