Managing captured network traffic data

US 20070067450A1
Filed: 08/19/2006
Published: 03/22/2007
Est. Priority Date: 08/19/2005
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a plurality of capture components that are each configured to record network traffic to a capture file, and a management component that is configured to communicate with each of the plurality of capture components, identify at least one capture component based on a first capture condition, and effect an archiving of at least a portion of a capture file recorded by an identified capture component based on a second capture condition.

View all claims

21 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for managing captured network traffic data is provided. The invention comprises a plurality of capture agents, each being configured to capture the network traffic associated with one or more applications. Each application is associated with one or more capture agents according to an application profile that is stored and maintained in a capture server. When analysis of an application'"'"'s network traffic is required, the capture server contacts the corresponding capture agents according to the application profile. The capture server then effects the identification and archiving of the network traffic that corresponds to a user-defined capture condition. A database at the capture server maintains a record that associates the corresponding network traffic with the user-defined capture condition such that the corresponding network traffic can later be retrieved and analyzed using an analysis engine.

Citations

51 Claims

1. A system comprising:
- a plurality of capture components that are each configured to record network traffic to a capture file, and a management component that is configured to communicate with each of the plurality of capture components, identify at least one capture component based on a first capture condition, and effect an archiving of at least a portion of a capture file recorded by an identified capture component based on a second capture condition.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system of claim 1, including a database, wherein the management component is further configured to maintain an association of the archived portion of the capture file with the second capture condition in the database.
  - 3. The system of claim 1, wherein the first capture condition is an association with an application.
  - 4. The system of claim 1, wherein the first capture condition is an association with a user.
  - 5. The system of claim 1, wherein the identified capture component is further configured to store the archived portion of the capture file in an archive file separate from the capture file.
  - 6. The system of claim 5, wherein the identified capture component is further configured to store the archive file at the same location as the capture file.
  - 7. The system of claim 5, including a repository, wherein the identified capture component is further configured to transmit the archive file to the repository.
  - 8. The system of claim 1, wherein the identified capture component is further configured to lock the archived portion of the capture file to prevent an overwriting or deletion of the archived portion.
  - 9. The system of claim 1, wherein the management component is further configured to effect a filtering of the network traffic recorded in the archived portion of the capture file.
  - 10. The system of claim 1, including an analytical component that is configured to execute an analysis of the network traffic recorded in the archived portion of the capture file.
  - 11. The system of claim 10, wherein the analysis includes a simulation.
  - 12. The system of claim 1, wherein the second capture condition is a problem description.
  - 13. The system of claim 12, wherein the problem description includes a problem time.
  - 14. The system of claim 1, wherein the management component includes a user interface component that is configured to receive user input, and wherein the second capture condition is based on the user input.
  - 15. The system of claim 14, wherein the user input is a sequence of start and stop commands.
  - 16. The system of claim 1, including a trouble ticketing component that is configured to manage a plurality of trouble tickets corresponding to a plurality of problems.
  - 17. The system of claim 16, wherein the management component includes a notification component that is configured to transmit a notification message to the trouble ticketing component.

18. A method comprising:
- configuring a plurality of capture components, such that each capture component is configured to record network traffic to a capture file, configuring a management component such that the management component is configured to communicate with each of the plurality of capture components, defining a first capture condition, defining a second capture condition, identifying at least one of the capture components based on the first capture condition, archiving at least a portion of a capture file recorded by an identified capture component based on the second capture condition.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 19. The method of claim 18, including maintaining an association of the archived portion of the capture file with the second capture condition in a database.
  - 20. The method of claim 18, wherein the first capture condition is an association with an application.
  - 21. The method of claim 18, wherein the first capture condition is an association with a user.
  - 22. The method of claim 18, including storing the archived portion of the capture file in an archive file separate from the capture file.
  - 23. The method of claim 22, including storing the archive file at the same location as the capture file.
  - 24. The method of claim 22, including transmitting the archive file to a repository.
  - 25. The method of claim 18, including locking the archived portion of the capture file to prevent an overwriting or deletion of the archived portion.
  - 26. The method of claim 18, including filtering the network traffic recorded in the archived portion of the capture file.
  - 27. The method of claim 18, including executing an analysis of the network traffic recorded in the archived portion of the capture file.
  - 28. The method of claim 27, wherein the analysis includes a simulation.
  - 29. The method of claim 18, wherein the second capture condition is a problem description.
  - 30. The method of claim 29, wherein the problem description includes a problem time.
  - 31. The method of claim 18, including providing a user interface that is configured to receive user input, wherein the second capture condition is based on the user input.
  - 32. The method of claim 31, wherein the user input is a sequence of start and stop commands.
  - 33. The method of claim 18, including configuring a trouble ticking component to manage a plurality of trouble tickets corresponding to a plurality of problems.
  - 34. The method of claim 33, transmitting a notification message to the trouble ticketing component.

35. A computer program product stored on a computer readable medium, which, when executed by a processor, causes the processor to:
- instruct each of a plurality of capture components to record network traffic to a capture file, instruct a management component to communicate with each of the plurality of capture components, receive a first capture condition, receive a second capture condition, identify at least one of the capture components based on the first capture condition, archive at least a portion of a capture file recorded by an identified capture component based on the second capture condition.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51)
- - 36. The computer program product of claim 35, which causes the processor to maintain an association of the archived portion of the capture file with the second capture condition in a database.
  - 37. The computer program product of claim 35, wherein the first capture condition is an association with an application.
  - 38. The computer program product of claim 35, wherein the first capture condition is an association with a user.
  - 39. The computer program product of claim 35, which causes the processor to store the archived portion of the capture file in an archive file separate from the capture file.
  - 40. The computer program product of claim 39, which causes the processor to store the archive file at the same location as the capture file.
  - 41. The computer program product of claim 39, which causes the processor to transmit the archive file to a repository.
  - 42. The computer program product of claim 35, which causes the processor to lock the archived portion of the capture file to prevent an overwriting or deletion of the archived portion.
  - 43. The computer program product of claim 35, which causes the processor to filter the network traffic recorded in the archived portion of the capture file.
  - 44. The computer program product of claim 35, which causes the processor to execute an analysis of the network traffic recorded in the archived portion of the capture file.
  - 45. The computer program product of claim 44, wherein the analysis includes a simulation.
  - 46. The computer program product of claim 35, wherein the second capture condition is a problem description.
  - 47. The computer program product of claim 46, wherein the problem description includes a problem time.
  - 48. The computer program product of claim 35, which causes the processor to provide a user interface that is configured to receive user input, wherein the second capture condition is based on the user input.
  - 49. The computer program product of claim 48, wherein the user input is a sequence of start and stop commands.
  - 50. The computer program product of claim 35, which causes the processor to instruct a trouble ticking component to manage a plurality of trouble tickets corresponding to a plurality of problems.
  - 51. The computer program product of claim 50, which causes the processor to transmit a notification message to the trouble ticketing component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Riverbed Technology, LLC (Riverbed Technology Incorporated)
Original Assignee
OPNET Technologies Incorporated (Riverbed Technology Incorporated)
Inventors
Schneider, Marc, Gehl, Ryan, Malloy, Patrick, Elsner, Russell, Canney, Michael, Nudelman, Eric, Cohen, Marc

Granted Patent

US 8,140,665 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

H04L 43/00   Arrangements for monitoring...

H04L 43/0823   Errors, e.g. transmission e...

H04L 43/106   using time related informat...

Managing captured network traffic data

First Claim

21 Assignments

0 Petitions

Accused Products

Abstract

Citations

51 Claims

Specification

Solutions

Use Cases

Quick Links

Managing captured network traffic data

First Claim

21 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

51 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links