TRAFFIC ANALYSIS OF DATA FLOWS
1 Assignment
0 Petitions
Accused Products
Abstract
A device includes a memory, flow table logic, sampling logic, and a processing unit. The memory is configured to store a flow table that stores, as a number of entries, statistics regarding a number of data flows. The flow table logic is configured to generate records corresponding to data flows for which entries are created in the flow table or removed from the flow table. The sampling logic is configured to select one of the data flows for sampling and sample initial data units for the one of the data flows. The processing unit is configured to receive the records generated by the flow table logic, receive the initial data units sampled by the sampling logic, analyze the initial data units to generate analysis results, correlate the records and the analysis results associated with a same one of the data flows, and store the correlated records and analysis results.
17 Citations
43 Claims
-
1-23. -23. (canceled)
-
24. A system, comprising:
-
a plurality of network devices, each of the plurality of network devices to; aggregate information regarding data flows associated with data units received or transmitted by the network device without impacting throughput of the data units, and output the aggregated information; and a global traffic analyzer, connected to the plurality of network devices, to; collect the aggregated information from each of the plurality of network devices, store the aggregated information, and provide information associated with a user interface, to facilitate searching and retrieval of information from the stored, aggregated information. - View Dependent Claims (25, 26, 27, 28, 29, 30)
-
-
31. A non-transitory computer-readable memory device storing instructions that are executable by a processor, the instructions comprising:
-
one or more instructions to collect aggregated information from each of a plurality of network devices, where the aggregated information from a particular one of the network devices includes information regarding data flows associated with data units received or transmitted by the particular network device without impacting throughput of the data units, one or more instructions to store the aggregated information, and one or more instructions to provide information associated with a user interface, to facilitate searching and retrieval of information from the stored, aggregated information. - View Dependent Claims (32, 33, 34, 35, 36, 37)
-
-
38. A method, comprising:
-
collecting, by one or more server devices, aggregated information from each of a plurality of network devices, where the aggregated information from a particular one of the network devices includes information regarding data flows associated with data units received or transmitted by the particular network device without impacting throughput of the data units; storing, by one or more server devices, the aggregated information, and providing, by one or more server devices, information associated with a user interface, to facilitate searching and retrieval of information from the stored, aggregated information. - View Dependent Claims (39, 40, 41, 42, 43)
-
Specification