Method and apparatus for network packet capture distributed storage system
First Claim
1. A method for capturing, storing, and retrieving pre-selected packets of data comprising the steps of:
- connecting at least one capture appliance to at least one predetermined data communications path;
promiscuously capturing a predetermined portion of data communicated along the data communications path and replicating the predetermined portion of data in a volatile storage;
aggregating the captured data in the volatile storage into a slot of the predetermined slot size by;
a. creating a slot of predetermined size, comprised of a predetermined number of buffers, each buffer having a predetermined size; and
b. collectively managing the slot based on a least recently used cache that maps the data in the slot to a non-volatile storage to create a cache image of the captured data across contiguous sectors of the non-volatile storage system using at least one high-performance parallel controller fabric to achieve striping and thereby allow the controller simultaneously to write to a plurality of non-volatile storage devices;
annotating the aggregated data based on pre-determined heuristics and non-volatile storage characteristics annotated by fixed time domain and mapped addressed for transfer to the non-volatile storage;
storing the annotated, aggregated data in the non-volatile storage using an infinitely journaled, write-once, hierarchical file system to create at least one index of a set of predetermined characteristics that are useable to retrieve the data;
incorporating a means of reconstructing any corrupted data to ensure data accuracy;
retrieving a predetermined portion of captured data from the stored slot by;
a. identifying one or more characteristics of the data to be retrieved;
b. computing the locality of the slot containing the data having the identified characteristics on the non-volatile storage;
c. copying the data having the identified characteristics from the slot to the volatile storage using the least recently used algorithm to allocate space in the volatile storage;
d. packaging and conforming the data having the identified characteristics to be accessible using industry standard access methods; and
e. allowing a user to access and review the data having the identified characteristics.
10 Assignments
0 Petitions
Accused Products
Abstract
This is invention comprises a method and apparatus for Infinite Network Packet Capture System (INPCS). The INPCS is a high performance data capture recorder capable of capturing and archiving all network traffic present on a single network or multiple networks. This device can be attached to Ethernet networks via copper or SX fiber via either a SPAN port (101) router configuration or via an optical splitter (102). By this method, multiple sources or network traffic including gigabit Ethernet switches (102) may provide parallelized data feeds to the capture appliance (104), effectively increasing collective data capture capacity. Multiple captured streams are merged into a consolidated time indexed capture stream to support asymmetrically routed network traffic as well as other merged streams for external consumption.
-
Citations
1 Claim
-
1. A method for capturing, storing, and retrieving pre-selected packets of data comprising the steps of:
-
connecting at least one capture appliance to at least one predetermined data communications path; promiscuously capturing a predetermined portion of data communicated along the data communications path and replicating the predetermined portion of data in a volatile storage; aggregating the captured data in the volatile storage into a slot of the predetermined slot size by; a. creating a slot of predetermined size, comprised of a predetermined number of buffers, each buffer having a predetermined size; and b. collectively managing the slot based on a least recently used cache that maps the data in the slot to a non-volatile storage to create a cache image of the captured data across contiguous sectors of the non-volatile storage system using at least one high-performance parallel controller fabric to achieve striping and thereby allow the controller simultaneously to write to a plurality of non-volatile storage devices; annotating the aggregated data based on pre-determined heuristics and non-volatile storage characteristics annotated by fixed time domain and mapped addressed for transfer to the non-volatile storage; storing the annotated, aggregated data in the non-volatile storage using an infinitely journaled, write-once, hierarchical file system to create at least one index of a set of predetermined characteristics that are useable to retrieve the data; incorporating a means of reconstructing any corrupted data to ensure data accuracy; retrieving a predetermined portion of captured data from the stored slot by; a. identifying one or more characteristics of the data to be retrieved; b. computing the locality of the slot containing the data having the identified characteristics on the non-volatile storage; c. copying the data having the identified characteristics from the slot to the volatile storage using the least recently used algorithm to allocate space in the volatile storage; d. packaging and conforming the data having the identified characteristics to be accessible using industry standard access methods; and e. allowing a user to access and review the data having the identified characteristics.
-
Specification