Method and apparatus for surveillance in communications networks

US 6,026,442 A
Filed: 11/24/1997
Issued: 02/15/2000
Est. Priority Date: 11/24/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method of monitoring data transmitted between nodes in a network, the method comprising steps of:

(a) receiving, in real-time, data transmitted in the network;

(b) analyzing, in real-time, the received data and identifying subsequent particular data and first and second nodes to be monitored;

(b1) reconfiguring the network so that at least one identified node on the network, different from the first and second nodes, receives the identified particular data;

(c) monitoring, in real-time, the identified subsequent particular data at the particular node; and

(d) storing the monitored subsequent particular data in a storage device.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Control of network surveillance in communications networks is accomplished by dividing the surveillance task into two sub-tasks. The first sub-task automatically identifies communications within the network which are to be monitored. Such identification is accomplished by the application of a reasoning system to data received from the network. The identification of the data to be monitored is received by the second sub-task along with network topology information. The second sub-task also applies a reasoning system to this data in order to configure probes and switches within the network so that the identified data can be captured.

Citations

27 Claims

1. A method of monitoring data transmitted between nodes in a network, the method comprising steps of:
- (a) receiving, in real-time, data transmitted in the network;
  
  (b) analyzing, in real-time, the received data and identifying subsequent particular data and first and second nodes to be monitored;
  
  (b1) reconfiguring the network so that at least one identified node on the network, different from the first and second nodes, receives the identified particular data;
  
  (c) monitoring, in real-time, the identified subsequent particular data at the particular node; and
  
  (d) storing the monitored subsequent particular data in a storage device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as recited in claim 1, wherein step (b) comprises a step of:
    - applying a reasoning operation to the received data to identify the particular data.
  - 3. The method as recited in claim 2, wherein the reasoning operation is a rule-based operation.
  - 4. The method as recited in claim 1, wherein the received data comprises identification of a source of the received data and identification of a destination of the received data.
  - 5. The method as recited in claim 4, wherein the received data further comprises:
    - at least one of a protocol and a volume of data associated with the source and destination.
  - 6. The method as recited in claim 4, wherein step (b) comprises steps of:
    - applying a rule-based operation to the received data to identify the at least one identified node to receive and monitor the subsequent particular data, a time period for the monitoring, and a level of the monitoring.
  - 7. The method as recited in claim 6, further comprising at least one step of:
    - monitoring identified subsequent particular data delivered to at least one of the first and second nodes;
      
      monitoring identified subsequent particular data sent from at least one of the first and second nodes; and
      
      monitoring identified subsequent particular data sent between at least one of the first and second nodes.
  - 8. The method as recited in claim 6, wherein the level of monitoring comprises at least one of:
    - counting a number of data units;
      
      determining a type of protocol used; and
      
      determining a content of the particular data.

9. An apparatus for monitoring data transmitted between nodes in a network, the apparatus comprising:
- means for receiving, in real-time, data transmitted in the network;
  
  means, connected to the receiving means, for analyzing, in real-time, the received data and for identifying subsequent particular data and first and second nodes for monitoring;
  
  means, connected to the analyzing and identifying means, for reconfiguring the network so that at least one identified node on the network, different from the first and second nodes, receives the identified subsequent particular data in the network; and
  
  means for storing the monitored particular data.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The apparatus as recited in claim 9, wherein the analyzing and identifying means comprise:
    - means for applying a rule-based reasoning operation to the received data to identify the particular data.
  - 11. The apparatus as recited in claim 10, wherein the monitoring means comprise:
    - means for applying a constraint-based reasoning operation to monitor identified subsequent particular data.
  - 12. The apparatus as recited in claim 10, wherein the received data comprises identification of a source of the received data and identification of a destination of the received data.
  - 13. The apparatus as recited in claim 12, wherein the received data further comprises at least one of a protocol and volume of data associated with the source and destination.
  - 14. The apparatus as recited in claim 11, wherein the means for analyzing determines at least one of:
    - the at least one node in the network to perform the monitoring;
      
      a time period during which the monitoring is to occur; and
      
      a level of the monitoring.
  - 15. The apparatus as recited in claim 9, wherein the means for analyzing determines at least one of:
    - means for identifying at least one of the first and second nodes whose output data is to be monitored;
      
      means for identifying at least one of the first and second nodes where all data directed to the identified first and second node is to be monitored; and
      
      means for identifying the first and second nodes wherein all data between the first and second nodes is to be monitored.

16. An apparatus for monitoring data communications in a network, the apparatus comprising:
- a first reasoning agent, having a first input to receive accounting data from the network and a second input to receive first reasoning parameters, for generating and outputting identification data by applying the first reasoning parameters to the accounting data according to a first reasoning operation; and
  
  a second reasoning agent, having a third input to receive the identification data from the first reasoning agent, a fourth input to receive second reasoning parameters and a fifth input to receive network topology data, for generating and outputting probe control data to reconfigure the network by applying the second reasoning parameters to the identification data and the network topology data according to a second reasoning operation.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The apparatus according to claim 16, wherein the identification data comprises at least one of:
    - data identifying at least one node in the network to monitor;
      
      data identifying a time period during which monitoring of the at least one identified node is to occur; and
      
      data indicating a level of the monitoring.
  - 18. The apparatus according to claim 16, wherein the probe control data comprises:
    - network switch configuration data.
  - 19. The apparatus according to claim 16, wherein the first reasoning operation is a rule-based operation and the second reasoning operation is a constraint-based operation.
  - 20. The apparatus according to claim 16, wherein each of the first and second reasoning agents comprises:
    - a processing unit; and
      
      a memory unit coupled to the processing unit, the memory unit storing a program according to the respective reasoning operation.

21. An apparatus for monitoring data communications in a network, the apparatus comprising:
- a first reasoning agent for identifying data communications within the network to be monitored; and
  
  a second reasoning agent, coupled to the first reasoning agent, for reconfiguring at least one switch within the network to redirect the identified data communications.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The apparatus as recited in claim 21, wherein:
    - the first reasoning agent receives accounting data from the network and outputs identification data by applying a first reasoning operation.
  - 23. The apparatus as recited in claim 22, wherein:
    - the second reasoning agent receives the identification data from the first reasoning agent and outputs probe control data by applying a second reasoning operation.
  - 24. The apparatus according to claim 23, wherein the identification data comprises at least one of:
    - data identifying at least one node in the network to monitor;
      
      data identifying a time period during which monitoring of the at least one identified node is to occur; and
      
      data indicating a level of the monitoring.
  - 25. The apparatus according to claim 23, wherein the probe control data comprises:
    - network switch configuration data.
  - 26. The apparatus according to claim 23, wherein the first reasoning operation is a rule-based operation and the second reasoning operation is a constraint-based operation.
  - 27. The apparatus according to claim 23, wherein each of the first and second reasoning agents comprises:
    - a processing unit; and
      
      a memory unit coupled to the processing unit, the memory unit storing a program according to the respective reasoning operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Computer Associates Think Inc. (Broadcom, Inc.)
Original Assignee
Cabletron Systems Incorporated (Extreme Networks, Inc.)
Inventors
Spargo, Glenn, Lewis, Lundy, Datta, Utpal
Primary Examiner(s)
Dinh, Dung C.
Assistant Examiner(s)
TITCOMB, WILLIAM D

Application Number

US08/976,866
Time in Patent Office

813 Days
Field of Search

709/200, 709/226, 709/224, 709/229, 370/250, 370/254
US Class Current

709/229
CPC Class Codes

H04L 43/00   Arrangements for monitoring...

H04L 43/0817   by checking functioning

H04L 43/12   Network monitoring probes

Method and apparatus for surveillance in communications networks

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for surveillance in communications networks

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links