COLLECTING ASYMMETRIC DATA AND PROXY DATA ON A COMMUNICATION NETWORK
Abstract
A system, method, and apparatus for collecting data streams, such as data packets, on a network, such as the Internet, are disclosed. A metadata portion of at least one of the data streams is analyzed on the network and evaluated using a metadata processing engine to identify a relationship between at least two of the plurality of data streams, e.g., a relationship between multiple users of interest, a new user of interest, etc. Evaluation of the metadata and the relationships can be performed algorithmically, as predetermined by an analyst or as provided as preset options by the network monitoring system (NMS). An interface manager can receive the new user of interest, evaluate the new user of interest for redundancy against existing users of interest of the NMS, and then communicate the new user of interest to at least one access device to collect data streams associated with the new user of interest.
23 Claims
1. On a network monitoring system (NMS) coupled to a network, a method of collecting a collateral and/or asymmetric data stream on the network, the method comprising:
- receiving a user of interest to be monitored on the network;
- collecting a first data stream of the user of interest on the network based on a type of the user of interest;
- identifying a type of application being used by the first data stream;
- creating a new search term that is specific or unique to an asymmetric data stream associated with the first data stream based on an upper layer of a communication protocol used by the first data stream; and
- collecting the asymmetric data associated with the first data stream based on the new search term.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 20
17. A network monitoring system comprising:
- an access device for retrieving data from a network;
- a metadata processing device operative to:
  - identify a type of application being used by the first data stream;
  - create a new search term that is specific or unique to an asymmetric data stream associated with the first data stream based on an upper layer of a communication protocol used by the first data stream; and
  - collect the asymmetric data associated with the first data stream based on the new search term.

Dependent claims: 18, 19
21. A method comprising:
- receiving a user of interest to be monitored on the network;
- collecting a first data stream of the user of interest on the network based on a type of the user of interest;
- identifying a type of application being used by the first data stream;
- creating a new search term that is specific or unique to an asymmetric data stream associated with the first data stream based on an upper layer of a communication protocol used by the first data stream, wherein the upper layer of communications is a communication layer 5, 6, or 7, or combination thereof of Open Systems Interconnection (OSI) model;
- collecting the asymmetric data associated with the first data stream based on the new search term;
- broadcasting the new search term to one or more probes in the NMS in order to search for the new search term across a wider expanse of the network, wherein the new search term is sufficiently accurate or unique to reduce or prevent overcollection, but sufficiently general to capture future changes to application protocol, thereby retaining a legacy search capability; and
- determining a protocol that is specifically, or is uniquely, applicable to layers 2, 3 or 4 in combination with layer 5, 6, or 7, or combinations thereof, of OSI model.

Dependent claims: 22, 23
Specification