Method and system for network traffic analysis with configuration enhancements
First Claim
1. A system for network traffic analysis comprising:
a classification engine operable to parse received frames, each frame comprising a plurality of layers of protocols and each frame having a type corresponding to an application layer protocol, and to provide pre-analysis of the received frames to generate classification information on a flow-basis and on a per packet-basis;
a filter processing engine operable to reduce the received frames based on a type of each frame indicated by the generated classification information to form information representing filtered frames; and
an analysis block operable to perform detailed analysis on layers of protocols of the filtered frames and generate objects representing the analysis, wherein the filter processing engine and the analysis block enable analysis of the received frames in different modes, including;
a first mode wherein the filter processing engine reduces the received frames by passing only specified types of frames and the analysis block performs detailed analysis on all layers of protocols of the filtered frames;
a second mode wherein the filter processing engine passes all types of frames and the analysis block performs detailed analysis on only specified layers of protocols of the filtered frames; and
a third mode wherein the filter processing engine reduces the received frames by passing only specified types of frames and the analysis block performs detailed analysis on only specified layers of protocols of the filtered frames.
Abstract
A system for network traffic analysis comprises a classification engine operable to parse received frames, each frame comprising a plurality of layers of protocols and each frame having a type corresponding to a highest layer protocol or network address of the frame, and to provide pre-analysis of the received frames to generate classification information on a flow-basis and on a per packet-basis, a filter processing engine operable to reduce the received frames based on a type of each frame indicated by the generated classification information to form information representing filtered frames and an analysis block operable to perform detailed analysis on layers of protocols of the filtered frames and generate objects representing the analysis.
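The pipeline in the abstract and the three modes of claim 1, sketched as an added example (not code from the patent). The frames are constructed, already-parsed layer stacks, and the names `classify`, `analyze`, `pass_types` and `layers` are hypothetical.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed sample frames: each is a stack of (layer name, fields), lowest layer first.
FRAMES = [
    [("eth", {"src": "aa:01"}), ("ip", {"src": "10.0.0.5", "dst": "10.0.0.9"}),
     ("tcp", {"sport": 40000, "dport": 80}), ("http", {"method": "GET", "uri": "/login"})],
    [("eth", {"src": "aa:02"}), ("ip", {"src": "10.0.0.6", "dst": "10.0.0.53"}),
     ("udp", {"sport": 5353, "dport": 53}), ("dns", {"qname": "example.test"})],
    [("eth", {"src": "aa:01"}), ("ip", {"src": "10.0.0.5", "dst": "10.0.0.9"}),
     ("tcp", {"sport": 40000, "dport": 80}), ("http", {"method": "POST", "uri": "/login"})],
]

@dataclass
class Classified:
    frame: list
    ftype: str   # per-packet classification: the application-layer protocol
    flow: tuple  # flow key shared by all packets of one conversation

def classify(frames):
    """Pre-analysis: tag each frame with its type and flow key, count frames per flow."""
    out, per_flow = [], Counter()
    for f in frames:
        layers = dict(f)
        l4 = "tcp" if "tcp" in layers else "udp"
        flow = (layers["ip"]["src"], layers["ip"]["dst"], l4, layers[l4]["dport"])
        per_flow[flow] += 1
        out.append(Classified(f, f[-1][0], flow))
    return out, per_flow

def analyze(frames, pass_types=None, layers=None):
    """pass_types=None passes every frame type; layers=None analyzes every layer."""
    classified, per_flow = classify(frames)
    # Filter processing engine: reduce frames by their classified type.
    kept = [c for c in classified if pass_types is None or c.ftype in pass_types]
    # Analysis block (stand-in): emit one object per frame with the selected layers.
    return [{"type": c.ftype, "flow_frames": per_flow[c.flow],
             "layers": {n: v for n, v in c.frame if layers is None or n in layers}}
            for c in kept]

MODE1 = analyze(FRAMES, pass_types={"http"})                   # specified types, all layers
MODE2 = analyze(FRAMES, layers={"ip"})                         # all types, specified layers
MODE3 = analyze(FRAMES, pass_types={"http"}, layers={"http"})  # specified types and layers
```

The three modes reduce to two independent settings: which frame types the filter passes and which layers the analysis block decodes.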
8 Claims
3. A method of network traffic analysis comprising:
performing pre-analysis of received frames, each frame comprising a plurality of layers of protocols and each frame having a type corresponding to an application layer protocol, to generate classification information on a flow-basis and on a per packet-basis;
filtering the received frames to reduce the received frames based on type of each frame indicated by the generated classification information to form information representing filtered frames; and
performing detailed analysis on layers of protocols of the filtered frames and generating objects representing the analysis, wherein the analysis of the received frames is performed in different modes,
wherein in a first mode the step of filtering the received frames includes passing only specified types of frames and the step of performing detailed analysis on layers includes analyzing all layers of protocols of the filtered frames;
in a second mode the step of filtering the received frames includes passing all types of frames and the step of performing detailed analysis on layers includes analyzing only specified layers of protocols of the filtered frames; and
in a third mode the step of filtering the received frames includes passing only specified types of frames and the step of performing detailed analysis on layers includes analyzing only specified layers of protocols of the filtered frames.
5. A system for network traffic analysis comprising:
a processor operable to execute computer program instructions;
a memory operable to store computer program instructions executable by the processor; and
computer program instructions stored in the memory and executable to perform the steps of;
performing pre-analysis of received frames, each frame comprising a plurality of layers of protocols and each frame having a type corresponding to an application layer protocol, to generate classification information on a flow-basis and on a per packet-basis;
filtering the received frames to reduce the received frames based on a type of each frame indicated by the generated classification information to form information representing filtered frames; and
performing detailed analysis on layers of protocols of the filtered frames and generating objects representing the analysis, wherein the analysis of the received frames is performed in different modes,
wherein in a first mode the step of filtering the received frames includes passing only specified types of frames and the step of performing detailed analysis on layers includes analyzing all layers of protocols of the filtered frames;
in a second mode the step of filtering the received frames includes passing all types of frames and the step of performing detailed analysis on layers includes analyzing only specified layers of the filtered frames; and
in a third mode the step of filtering the received frames includes passing only specified types of frames and the step of performing detailed analysis on layers includes analyzing only specified layers of protocols of the filtered frames.
7. A computer program product for network traffic analysis comprising:
a computer readable medium;
computer program instructions, recorded on the computer readable medium, executable by a processor, for performing the steps of
performing pre-analysis of received frames, each frame comprising a plurality of layers of protocols and each frame having a type corresponding to an application layer protocol, to generate classification information on a flow-basis and on a per packet-basis;
filtering the received frames to reduce the received frames based on type of each frame indicated by the generated classification information to form information representing filtered frames; and
performing detailed analysis on layers of protocols of the filtered frames and generating objects representing the analysis, wherein the analysis of the received frames is performed in different modes,
wherein in a first mode the step of filtering the received frames includes passing only specified types of frames and the step of performing detailed analysis on layers includes analyzing all layers of protocols of the filtered frames;
in a second mode the step of filtering the received frames includes passing all types of frames and the step of performing detailed analysis on layers includes analyzing only specified layers of protocols of the filtered frames; and
in a third mode the step of filtering the received frames includes passing only specified types of frames and the step of performing detailed analysis on layers includes analyzing only specified layers of protocols of the filtered frames.
Specification