Systems and methods of network monitoring

US 7,742,404 B2
Filed: 02/23/2007
Issued: 06/22/2010
Est. Priority Date: 02/23/2006
Status: Active Grant

First Claim

Patent Images

1. A method for network monitoring comprising the steps of:

receiving a first packet;

creating a first filter instance if the first received packet matches a filter template, the first filter instance based at least partially on the filter template;

receiving a second packet;

storing the second received packet if the second received packet matches the created first filter instance; and

creating a second filter instance based at least in part on information contained in a third received packet and at least in part on one of a plurality of predefined filter templates.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of network monitoring are disclosed. One exemplary method includes receiving a first packet, creating a filter instance if the first received packet matches a filter template, receiving a second packet, and storing the second received packet if the second received packet matches the created filter instance. The filter instance is based at least partially on the filter template. An exemplary system includes a network interface, a memory, and a processor. The memory stores program code which programs the network monitor device to receive a first packet, create a filter instance if the first received packet matches a filter template, receive a second packet, and store the second received packet if the second received packet matches the created filter instance. The filter instance is based at least partially on the filter template.

13 Citations

View as Search Results

16 Claims

1. A method for network monitoring comprising the steps of:
- receiving a first packet;
  
  creating a first filter instance if the first received packet matches a filter template, the first filter instance based at least partially on the filter template;
  
  receiving a second packet;
  
  storing the second received packet if the second received packet matches the created first filter instance; and
  
  creating a second filter instance based at least in part on information contained in a third received packet and at least in part on one of a plurality of predefined filter templates.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the first filter instance is based at least partially on the first received packet.
  - 3. The method of claim 1, further comprising the step of:
    - determining whether the first received packet matches one or more of a plurality of filter templates.
  - 4. The method of claim 1, further comprising the step of:
    - determining whether the first received packet matches one or more of a plurality of predefined filter templates.
  - 5. The method of claim 1, further comprising the step of:
    - determining whether the first received packet matches one or more of a plurality of user-defined filter templates created by a user.
  - 6. The method of claim 1, further comprising the step of:
    - creating a filter instance based at least in part on a protocol header field contained in a third received packet and at least in part on a wildcard value found in one of a plurality of filter templates.
  - 7. The method of claim 1, further comprising the step of:
    - creating a filter instance based at least in part on a protocol header field contained in a third received packet and at least in part on a wildcard value found in one of a plurality of predefined filter templates.
  - 8. The method of claim 1, further comprising the step of:
    - adding the created first filter instance to a list of filter instances.

9. A network monitor device comprising:
- a network interface;
  
  memory having program code stored thereon; and
  
  a processor programmed by at least the program code to enable the network monitor device to;
  
  receive a first packet from the network interface;
  
  create a filter instance if the first received packet matches a filter template, the filter instance based at least partially on the filter template;
  
  receive a description of the filter template including at least one protocol header field and at least one value associated with the at least one protocol header field;
  
  receive a second packet from the network interface; and
  
  store the second received packet if the second received packet matches the created filter instance.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The device of claim 9, wherein the filter instance is based at least partially on the first received packet.
  - 11. The device of claim 9, wherein the processor is further programmed to:
    - determining whether the first received packet matches one or more of a plurality of filter templates.
  - 12. The device of claim 9, wherein the processor is further programmed to:
    - receive a description of the filter template including at least one protocol header field and at least one value associated with the at least one protocol header field, the at least one value selected from a plurality of values which includes a wildcard value.
  - 13. The device of claim 9, wherein the processor is further programmed to:
    - receive a description of the filter template including at least one protocol header field and at least one value associated with the at least one protocol header field, the at least one value selected from a plurality of values which includes a wildcard value and a don'"'"'t care value.

14. A system for network monitoring comprising:
- means for receiving a first packet;
  
  means for creating a filter instance if the first received packet matches a filter template, the filter instance based at least partially on the filter template;
  
  means for receiving a second packet;
  
  means for storing the second received packet if the second received packet matches the created filter instance;
  
  means for receiving a monitor request from a remote device, the request including a filter instance and an address;
  
  means for capturing packets in accordance with the filter instance; and
  
  means for sending a report associated with the captured packets to the address in the request.
- View Dependent Claims (15, 16)
- - 15. The system of claim 14, further comprising:
    - means for storing all of a plurality of packets received during a time window, the duration of the time window specified by a user.
  - 16. The system of claim 15, further comprising the step of:
    - means for displaying at least a portion of the received plurality of packets, the portion specified by a user as a number of time windows.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Asankya, Inc. (Dell Technologies Inc.)
Inventors
Sivakumar, Raghupathy, Velayutham, Aravind
Primary Examiner(s)
Pham; Chi H
Assistant Examiner(s)
HYUN, SOON D

Application Number

US11/678,430
Publication Number

US 20070223481A1
Time in Patent Office

1,215 Days
Field of Search

None
US Class Current

370/229
CPC Class Codes

H04L 43/02   Capturing of monitoring data

H04L 43/028   by filtering

H04L 43/0829   Packet loss

H04L 43/0852   Delays

H04L 43/087   Jitter

H04L 43/106   using time related informat...

H04L 47/10   Flow control; Congestion co...

Systems and methods of network monitoring

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods of network monitoring

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links