Method and system for reassembling packets prior to searching
Abstract
A method and system for inspecting a data packet stream in a computer network for patterns that fall across data packet boundaries is disclosed. This includes determining if two or more data packets are consecutive in the data packet stream, combining data payloads from the consecutive data packets, and analyzing the combined data payloads from the consecutive data packets for a plurality of patterns of character combinations, wherein the maximum length of the combined data payloads is one less than the maximum number of characters for a pattern having a longest length of the plurality of patterns of character combinations. This can include a content searching engine and/or a regular expression engine. There are optional aspects to return data packets to an outgoing data stream based on predetermined criteria and if the data packets are in the system for over a predetermined time period.
46 Claims
1. A method for inspecting a data packet stream in a computer network for patterns that fall across data packet boundaries comprising:
determining if two or more data packets are consecutive in the data packet stream;
combining data payloads from the consecutive data packets; and
analyzing the combined data payloads from the consecutive data packets for a plurality of patterns of character combinations, wherein the maximum length of the combined data payloads is one less than the maximum number of characters for a pattern having a longest length of the plurality of patterns of character combinations.
Dependent claims: 2-22
23. A method for inspecting a data packet stream in a computer network for patterns that fall across data packet boundaries comprising:
determining if two or more data packets are consecutive in the data packet stream by reviewing communication protocol connections for the plurality of data packets, wherein the communication protocol connections include a destination address, a destination port number, a source address, a source port number and a type of communication protocol;
combining data payloads from the consecutive data packets; and
analyzing the combined data payloads from the consecutive data packets for a plurality of patterns of character combinations with at least one of a content search engine and a regular expression engine, wherein the maximum length of the combined data payloads is one less than the maximum number of characters for a pattern having a longest length of the plurality of patterns of character combinations.
24. A system for inspecting a data packet stream for patterns that fall across data packet boundaries comprising:
a data packet analyzer that receives an incoming stream of data packets and determines if two or more data packets are consecutive;
a multiple packet signature scanner that combines data payloads from the consecutive data packets; and
a data pattern analyzer for reviewing combined data payloads from the consecutive data packets for a plurality of patterns of character combinations, wherein the maximum length of the combined data payloads is one less than the maximum number of characters for a pattern having a longest length of the plurality of patterns of character combinations.
Dependent claims: 25-43
44. A system for inspecting a data packet stream for patterns that fall across data packet boundaries comprising:
a data packet analyzer that receives an incoming stream of data packets and determines if two or more data packets are consecutive by reviewing communication protocol connections;
a multiple packet signature scanner that combines data payloads from the consecutive data packets in a buffer; and
a data pattern analyzer for reviewing combined data payloads from the consecutive data packets for a plurality of patterns of character combinations, wherein the maximum length of the combined data payloads is one less than the maximum number of characters for a pattern having a longest length of the plurality of patterns of character combinations, wherein the data pattern analyzer includes a content searching engine and a regular expression engine.
Dependent claims: 45, 46
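The cross-boundary scan described in the abstract and in claims 1 and 23, sketched as an added Python example that is not taken from the patent or any product. It assumes the length limit applies to the bytes carried over from earlier packets and that "consecutive" means the same connection key plus a matching byte offset; `FlowKey`, `FlowScanner`, `feed` and the sample packets are hypothetical names and constructed data.

```python
from collections import namedtuple

# Connection key as listed in claim 23 (field names are hypothetical).
FlowKey = namedtuple("FlowKey", "src sport dst dport proto")

class FlowScanner:
    """Added illustration: per-flow carry-over of at most (longest - 1) bytes."""

    def __init__(self, patterns):
        self.patterns = [bytes(p) for p in patterns]
        self.keep = max(len(p) for p in self.patterns) - 1
        self.flows = {}  # FlowKey -> (next expected offset, carried tail)

    def feed(self, key, seq, payload):
        """Scan one packet; return sorted (stream_offset, pattern) hits.

        seq is the payload's byte offset in the stream (assumption: a plain
        integer, no 32-bit wraparound handling)."""
        next_seq, tail = self.flows.get(key, (None, b""))
        if seq != next_seq:
            tail = b""  # not consecutive: nothing to combine with
        buf = tail + payload
        base = seq - len(tail)  # stream offset of buf[0]
        hits = []
        for pat in self.patterns:
            i = buf.find(pat)
            while i != -1:
                # A match ending inside the tail was already reported.
                if i + len(pat) > len(tail):
                    hits.append((base + i, pat))
                i = buf.find(pat, i + 1)
        carry = buf[-self.keep:] if self.keep else b""
        self.flows[key] = (seq + len(payload), carry)
        return sorted(hits)

def demo():
    """Constructed packets: one signature split across a packet boundary."""
    scanner = FlowScanner([b"/etc/passwd", b"wd"])
    a = FlowKey("10.0.0.5", 40000, "10.0.0.9", 80, "tcp")
    b = FlowKey("10.0.0.6", 40001, "10.0.0.9", 80, "tcp")
    return [
        scanner.feed(a, 0, b"GET /../etc/pas"),   # no hit yet
        scanner.feed(a, 15, b"swd HTTP/1.0"),     # hit spans both packets
        scanner.feed(b, 0, b"/etc/pas"),          # other flow
        scanner.feed(b, 100, b"swd"),             # gap: only "wd" matches
    ]

if __name__ == "__main__":
    for hits in demo():
        print(hits)
```

Because the carried tail is shorter than the longest pattern, per-flow memory stays bounded, and the end-of-match check keeps short patterns that fit inside the tail from being reported twice.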
Specification