TCP data reassembly
First Claim
1. A method for processing computer network data, said method comprising the steps of:
- receiving a stream of data at a first device, said stream comprising at least a first data frame, said first data frame having been sent from a second device to a third device, and said first data frame containing a payload section and at least one header section;
classifying the first data frame as containing one of a TCP/IP segment, a UDP/IP datagram, a non-TCP/UDP IP packet, and a non-IP packet;
supplying a monitoring application with a copy of the first data frame and sending the first data frame to the third device from the first device when the first data frame is classified as containing a non-IP packet;
checking an associated header checksum for validity when the first data frame is classified as containing one of a UDP/IP datagram and non-TCP/UDP IP packet, supplying a monitoring application with a copy of a payload section associated with the first data frame, and sending the first data frame to the third device from the first device when the UDP header checksum is valid; and
checking an associated TCP header checksum for validity, when the first data frame is classified as containing a TCP/IP segment, and sending the first data frame to the third device from the first device and comparing an actual TCP header sequence number with an expected TCP header sequence number when the TCP header checksum is valid, and,supplying the monitoring application with a copy of the TCP/IP segment when no gap exists between the actual TCP header sequence number and the expected TCP header sequence number, andstoring the first data frame when a sequence gap exists between the actual TCP header sequence number and the expected TCP header sequence number.
1 Assignment
0 Petitions
Accused Products
Abstract
Method and apparatus for processing computer network data. An embodiment of the invention comprises a first device for receiving a stream of data, said stream comprising at least a first data frame, said first data frame having been sent from a second device 101 to a third device 201, the first data frame containing a payload section and at least one header section, the first device comprising: a TCP data reassembly apparatus 10 communicatively coupled to a monitoring application 16 and a memory 14. The TCP data reassembly apparatus 10 is adapted to receive the stream of data and classify the first data frame as containing one of a TCP/IP segment, a UDP/IP datagram, a non-TCP/UDP IP packet, and a non-IP packet; supply the monitoring application 16 with a copy of the first data frame and send the first data frame to the third device 201 from the first device 101 when the first data frame is classified as containing one of a non-TCP/UDP IP packet and a non-IP packet. The TCP data reassembly apparatus 10 is also adapted to check an associated UDP header checksum for validity when the first data frame is classified as containing a UDP/IP datagram and supply the monitoring application 16 with a copy of the first data frame and send the first data frame to the third device from the first device 101 when the UDP header checksum is valid. The TCP data reassembly apparatus 10 is further adapted to check an associated TCP header checksum for validity when the first data frame is classified as containing a TCP/IP segment, and send the first data frame to the third device 201 from the first device 101 and compare an actual TCP header sequence number with an expected TCP header sequence number when the associated TCP header checksum is valid; and supply the monitoring application 16 with a copy of the TCP/IP segment when no gap exists between the sequence number and the expected sequence number, and, store the first data frame in the memory 14 when a sequence gap exists between the actual TCP header sequence number and the expected TCP header sequence number.
-
Citations
11 Claims
-
1. A method for processing computer network data, said method comprising the steps of:
-
receiving a stream of data at a first device, said stream comprising at least a first data frame, said first data frame having been sent from a second device to a third device, and said first data frame containing a payload section and at least one header section; classifying the first data frame as containing one of a TCP/IP segment, a UDP/IP datagram, a non-TCP/UDP IP packet, and a non-IP packet; supplying a monitoring application with a copy of the first data frame and sending the first data frame to the third device from the first device when the first data frame is classified as containing a non-IP packet; checking an associated header checksum for validity when the first data frame is classified as containing one of a UDP/IP datagram and non-TCP/UDP IP packet, supplying a monitoring application with a copy of a payload section associated with the first data frame, and sending the first data frame to the third device from the first device when the UDP header checksum is valid; and checking an associated TCP header checksum for validity, when the first data frame is classified as containing a TCP/IP segment, and sending the first data frame to the third device from the first device and comparing an actual TCP header sequence number with an expected TCP header sequence number when the TCP header checksum is valid, and, supplying the monitoring application with a copy of the TCP/IP segment when no gap exists between the actual TCP header sequence number and the expected TCP header sequence number, and storing the first data frame when a sequence gap exists between the actual TCP header sequence number and the expected TCP header sequence number. - View Dependent Claims (2)
-
-
3. Apparatus for processing computer network data, said apparatus comprising:
-
a first device for receiving a stream of data, said stream comprising at least a first data frame, said first data frame having been sent from a second device to a third device, the first data frame containing a payload section and at least one header section, the first device comprising; a TCP data reassembly apparatus communicatively coupled to a monitoring application and a memory, said TCP data reassembly apparatus adapted to receive the stream of data and classify the first data frame as containing one of a TCP/IP segment, a UDP/IP datagram, a non-TCP/UDP IP packet, and a non-IP packet; supply the monitoring application with a copy of the first data frame and send the first data frame to the third device from the first device when the first data frame is classified as containing one of a non-TCP/UDP IP packet and a non-IP packet; check an associated header checksum for validity when the first data frame is classified as containing one of a UDP/IP datagram and non-TCP/UDP IP packet, supply the monitoring application with a copy of a payload section associated with the first data frame, and send the first data frame to the third device from the first device when the UDP header checksum is valid; and check an associated TCP header checksum for validity when the first data frame is classified as containing a TCP/IP segment, and send the first data frame to the third device from the first device and compare an actual TCP header sequence number with an expected TCP header sequence number when the associated TCP header checksum is valid; and supply the monitoring application with a copy of the TCP/IP segment when no gap exists between the sequence number and the expected sequence number, and, store the first data frame in the memory when a sequence gap exists between the actual TCP header sequence number and the expected TCP header sequence number. - View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11)
-
Specification