Capture file format system and method for a network analyzer
First Claim
Patent Images
1. The method as recited in claim 4, wherein the network traffic information is selected from the group consisting of total packet information relating to a total number of packets associated with the network traffic, total byte information relating to a total number of bytes associated with the network traffic, and network utilization information relating to network utilization associated with the network traffic.
3 Assignments
0 Petitions
Accused Products
Abstract
A system, method and computer program product are provided for analyzing a network. Initially, network traffic information relating to network traffic is collected. Next, the network traffic information is encrypted. In use, the network traffic information is capable of being analyzed by a network analyzer adapted for decrypting the network traffic information.
57 Citations
26 Claims
-
1. The method as recited in claim 4, wherein the network traffic information is selected from the group consisting of total packet information relating to a total number of packets associated with the network traffic, total byte information relating to a total number of bytes associated with the network traffic, and network utilization information relating to network utilization associated with the network traffic.
-
2. The method as recited in claim 1, wherein the network traffic information includes total packet information relating to a total number of packets associated with the network traffic, total byte information relating to a total number of bytes associated with the network traffic, and network utilization information relating to network utilization associated with the network traffic.
-
3. The method as recited in claim 1, wherein the network traffic information is compressed before being encrypted.
-
4. A method for analyzing a network, comprising:
-
collecting network traffic information relating to network traffic; and
encrypting the network traffic information;
wherein the network traffic information is capable of being analyzed by a network analyzer adapted for decrypting the network traffic information;
wherein the network traffic information is compressed;
wherein the network traffic information includes a format including a compression header having a compression algorithm field with a compression algorithm used for compressing the network traffic information.
-
-
5. The method as recited in claim 1, wherein the compression header further includes a compression parameter field, a pre-compression buffer size field, a post-compression buffer size field, a compression time field, and a reserved field.
-
6. The method as recited in claim 1, wherein the compression header further includes fields selected from the group consisting of a compression parameter field, a pre-compression buffer size field, a post-compression buffer size field, a compression time field, and a reserved field.
-
7. The method as recited in claim 1, and further comprising writing the encrypted network traffic information to memory.
-
8. The method as recited in claim 7, and further comprising reading the encrypted network traffic information from the memory utilizing the network analyzer capable of decrypting the network traffic information.
-
9. The method as recited in claim 8, and further comprising analyzing the decrypted network traffic information.
-
10. The method as recited in claim 4, wherein the network traffic information is encrypted utilizing one of a plurality of keys.
-
11. A method for analyzing a network, comprising:
-
collecting network traffic information relating to network traffic; and
encrypting the network traffic information;
wherein the network traffic information is capable of being analyzed by a network analyzer adapted for decrypting the network traffic information;
wherein the network traffic information includes a format including an encryption header having an encryption field with an encryption algorithm used for encrypting the network traffic information.
-
-
12. The method as recited in claim 11, wherein the encryption header further includes a key number field, a key length field, a block size field, a pre-encryption buffer length field, a post-encryption buffer length field, a compressed indicator field, a buffer encryption field, an encryption time field, and a reserved field.
-
13. The method as recited in claim 11, wherein the encryption header further includes fields selected from the group consisting of a key number field, a key length field, a block size field, a pre-encryption buffer length field, a post-encryption buffer length field, a compressed indicator field, a buffer encryption field, an encryption time field, and a reserved field.
-
14. The method as recited in claim 4, and further comprising receiving an indication from a user as to whether the network traffic information is to be compressed.
-
15. The method as recited in claim 14, and further comprising compressing the network traffic information upon receiving the indication from the user to compress the network traffic information.
-
16. A computer program product embodied on a computer readable medium for analyzing a network, comprising:
-
(a) computer code for collecting network traffic information relating to network traffic; and
(b) computer code for encrypting the network traffic information;
(c) wherein the network traffic information is capable of being analyzed by a network analyzer adapted for decrypting the network traffic information;
wherein the network traffic information includes a format including an encryption header having an encryption field with an encryption algorithm used for encrypting the network traffic information.
-
-
17. A system for analyzing a network, comprising:
-
(a) logic for collecting network traffic information relating to network traffic; and
(b) logic for encrypting the network traffic information;
(c) wherein the network traffic information is capable of being analyzed by a network analyzer adapted for decrypting the network traffic information;
wherein the network traffic information includes a format including an encryption header having an encryption field with an encryption algorithm used for encrypting the network traffic information.
-
-
18. A system for analyzing a network, comprising:
-
(a) means for collecting network traffic information relating to network traffic; and
(b) means for encrypting the network traffic information;
(c) wherein the network traffic information is capable of being analyzed by a network analyzer adapted for decrypting the network traffic information;
wherein the network traffic information includes a format including an encryption header having an encryption field with an encryption algorithm used for encrypting the network traffic information.
-
-
19. A data structure stored in a computer readable medium for analyzing a network, comprising:
-
(a) a data object embodied on a computer readable medium for containing network traffic information relating to network traffic, wherein the data object is encrypted; and
(b) an encryption object for describing the encryption of the network traffic information in the data object;
wherein the network traffic information includes a format including an encryption header having an encryption field with an encryption algorithm used for encrypting the network traffic information.
-
-
20. A method for analyzing a network, comprising:
-
(a) reading encrypted network traffic information relating to network traffic;
(b) decrypting the network traffic information; and
(c) analyzing the network traffic utilizing the decrypted network traffic information;
wherein the network traffic information includes a format including an encryption header having an encryption field associated with an encryption algorithm used for encrypting the network traffic information.
-
-
21. A method for analyzing a network, comprising:
-
(a) collecting network traffic information relating to network traffic, wherein the network traffic information is selected from the group consisting of total packet information relating to a total number of packets associated with the network traffic, total byte information relating to a total number of bytes associated with the network traffic, and network utilization information relating to network utilization associated with the network traffic;
(b) receiving an indication from a user as to whether the network traffic information is to be compressed;
(c) compressing the network traffic information upon receiving the indication from the user to compress the network traffic information, wherein the network traffic information includes a format including a compression header having a compression algorithm field with a compression algorithm used for compressing the network traffic information, and the compression header further includes a compression parameter field, a pre-compression buffer size field, a post-compression buffer size field, a compression time field, and a reserved field;
(d) encrypting the network traffic information, wherein the network traffic information includes a format including an encryption header having an encryption field with an encryption algorithm used for encrypting the network traffic information, and the encryption header further includes a key number field, a key length field, a block size field, a pre-encryption buffer length field, a post-encryption buffer length field, a compressed indicator field, a buffer encryption field, an encryption time field, and a reserved field;
(e) writing the encrypted network traffic information to memory;
(f) reading the encrypted network traffic information from the memory;
(g) decrypting the network traffic information utilizing the encryption header;
(h) receiving an indication from the compression header as to whether the network traffic information is to be decompressed;
(i) decompressing the network traffic information utilizing the compression header upon receiving the indication to decompress the network traffic information; and
(j) analyzing the network traffic information.
-
-
22. A computer program product embodied on a computer readable medium for analyzing a network, comprising:
-
computer code for reading encrypted network traffic information relating to network traffic;
computer code for decrypting the network traffic information; and
computer code for analyzing the network traffic utilizing the decrypted network traffic information;
wherein the network traffic information includes a format including an encryption header having an encryption field associated with an encryption algorithm used for encrypting the network traffic information.
-
-
23. The computer program product as recited in claim 22, wherein the network traffic is analyzed at a plurality of layers.
-
24. The computer program product as recited in claim 22, wherein the network is analyzed for determining reasons why a network performance is slow.
-
25. The computer program product as recited in claim 22, wherein the network is analyzed for understanding excessive traffic.
-
26. The computer program product as recited in claim 22, wherein the network is analyzed for gaining visibility into various parts of the network.
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeNetwork General Technology
-
Original AssigneeNetworks Associates Technology, Inc. (McAfee, LLC)
-
InventorsCafarelli, Dominick A., Yildiz, Kazim O.
-
Primary Examiner(s)Barrón, Gilberto
-
Assistant Examiner(s)Gurshman, Grigory
-
Application NumberUS10/071,572Time in Patent Office879 DaysField of Search713/201US Class Current726/22CPC Class CodesH04L 41/24 using dedicated network man...H04L 43/18 Protocol analysersH04L 63/0428 wherein the data content is...
