Monitoring network traffic by using a monitor device
First Claim
1. A computer implemented method for associating packets according to user information defined in a directory service available through a networked environment, the networked environment providing an authentication service and a name service and including at least one client, the method comprising:
at a collector, obtaining user information from the directory service by obtaining at least one user object attribute set from the directory service, the directory service maintaining a directory of objects in a hierarchical framework, each of the objects representing a network entity and one or more attributes of the network entity, the hierarchical framework categorizing each of the objects as one of:
a resource;
a service; and
a person;
at a monitor configured to connect to the collector, identifying at least one authentication exchange packet from packets traversing on the networked environment;
extracting a first user ID and a first network address from the authentication exchange packet;
filtering packets traversing on the network environment that each have a network address equivalent to the first network address; and
at the collector, associating packets found in the filtering with the user information having a user name attribute equivalent to the first user ID.
Abstract
A solution is provided for associating network traffic traversing on a networked environment according to a selected category item, such as a user name or other network entity identity-related information, by using a monitor device. The solution includes: obtaining user information from the directory service by obtaining at least one set of user object attributes from the directory service; identifying at least one authentication exchange packet from packets traversing on the networked environment; extracting a user ID and a network address from the authentication exchange packet; filtering or selecting packets traversing on the network environment that each have a network address equivalent to the extracted network address; and associating packets that were selected with user information having a name attribute equivalent to the extracted user ID.
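The flow in the abstract, as an added Python example that is not taken from the patent: a monitor binds a network address to the user ID seen in an authentication exchange and selects packets carrying that address, and a collector attaches them to the matching directory object. The record fields, the directory contents, the choice of the packet source as the client address, the replacement of an older binding by a later exchange, and the separate list for IDs with no directory match are all assumptions.

```python
# Constructed directory snapshot: one attribute set per object (names are hypothetical).
DIRECTORY = [
    {"category": "person", "name": "alice", "dept": "finance"},
    {"category": "person", "name": "bob", "dept": "engineering"},
    {"category": "resource", "name": "printer-2"},
]

# Constructed packet records in capture order; "auth_user" is set only on
# authentication exchange packets (a hypothetical, already-parsed field).
PACKETS = [
    {"seq": 1, "src": "10.0.0.5", "dst": "10.0.0.1", "auth_user": "alice"},
    {"seq": 2, "src": "10.0.0.5", "dst": "10.0.0.80", "auth_user": None},
    {"seq": 3, "src": "10.0.0.9", "dst": "10.0.0.80", "auth_user": None},
    {"seq": 4, "src": "10.0.0.7", "dst": "10.0.0.1", "auth_user": "mallory"},
    {"seq": 5, "src": "10.0.0.7", "dst": "10.0.0.80", "auth_user": None},
    {"seq": 6, "src": "10.0.0.5", "dst": "10.0.0.1", "auth_user": "bob"},
    {"seq": 7, "src": "10.0.0.80", "dst": "10.0.0.5", "auth_user": None},
]

def monitor(packets):
    """Yield (user_id, packet) for each packet carrying an address bound by an authentication exchange."""
    bindings = {}  # network address -> user ID from the latest exchange seen
    for pkt in packets:
        if pkt["auth_user"] is not None:
            # Assumption: the client is the source of the exchange packet.
            bindings[pkt["src"]] = pkt["auth_user"]
        for addr in (pkt["src"], pkt["dst"]):
            if addr in bindings:
                yield bindings[addr], pkt
                break

def collector(selected, directory):
    """Attach selected packets to the person object whose name attribute equals the user ID."""
    # Assumption: only objects in the "person" category are candidate users.
    people = {o["name"]: o for o in directory if o["category"] == "person"}
    by_user, unresolved = {}, []
    for user_id, pkt in selected:
        if user_id in people:
            by_user.setdefault(user_id, []).append(pkt["seq"])
        else:
            unresolved.append(pkt["seq"])  # ID seen on the wire, no directory match
    return by_user, unresolved

def correlate(packets, directory):
    """Run the monitor and collector stages over one capture."""
    return collector(monitor(packets), directory)

if __name__ == "__main__":
    print(correlate(PACKETS, DIRECTORY))
```

Packet 3 is never selected because no authentication exchange was seen for either of its addresses, and packets 6 and 7 move to bob once 10.0.0.5 authenticates again; in practice this is where address reuse (DHCP, NAT, shared hosts) causes misattribution.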
57 Claims
1. A computer implemented method for associating packets according to user information defined in a directory service available through a networked environment, the networked environment providing an authentication service and a name service and including at least one client, the method comprising:
at a collector, obtaining user information from the directory service by obtaining at least one user object attribute set from the directory service, the directory service maintaining a directory of objects in a hierarchical framework, each of the objects representing a network entity and one or more attributes of the network entity, the hierarchical framework categorizing each of the objects as one of: a resource; a service; and a person; at a monitor configured to connect to the collector, identifying at least one authentication exchange packet from packets traversing on the networked environment; extracting a first user ID and a first network address from the authentication exchange packet; filtering packets traversing on the network environment that each have a network address equivalent to the first network address; and at the collector, associating packets found in the filtering with the user information having a user name attribute equivalent to the first user ID.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A system for associating packets according to user information defined in a directory service available through a networked environment, the networked environment providing an authentication service and a name service and including at least one client, the system comprising:
a memory; a monitor configured to receive packets traversing through the networked environment; a collector configured to connect to the monitor and the networked environment, the collector configured to obtain user information from the directory service by obtaining at least one user object attribute set from the directory service, the directory service maintaining a directory of objects in a hierarchical framework, each of the objects representing a network entity and one or more attributes of the network entity, the hierarchical framework categorizing each of the objects as one of: a resource; a service; and a person; wherein the monitor is configured to: identify at least one authentication exchange packet from the packets; extract a first user ID and a first network address from the authentication exchange packet; and filter packets from the packets that each have a network address equivalent to the first network address; and wherein the collector is configured to associate packets filtered by the monitor with one of the at least one user object attribute set having a user name attribute equivalent to the first user ID.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28
29. A system for associating packets according to user information defined in a directory service used in a networked environment, the networked environment providing an authentication service and a name service, the system comprising:
a monitor that includes means for receiving packets traversing through the networked environment; a collector configured to connect to the monitor and the networked environment, the collector having a means for processing user information from the directory service by obtaining at least one user object attribute set from the directory service, the directory service maintaining a directory of objects in a hierarchical framework, each of the objects representing a network entity and one or more attributes of the network entity, the hierarchical framework categorizing each of the objects as one of: a resource; a service; and a person; wherein the monitor further comprises a means for identifying at least one authentication exchange packet from the received packets, a means for extracting a user ID and a first network address from the authentication exchange packet, and a means for filtering packets from the received packets that each have a network address equivalent to the first network address; and wherein the collector further comprises a means for associating packets filtered by the means for filtering with one of the at least one user object attribute set having a user name attribute equivalent to the user ID.
Dependent claims: 30, 31, 32, 33, 34, 35, 36
37. A system for associating packets according to user information defined as part of a networked environment, the system comprising:
a networked environment having at least one client, a database server and a plurality of network services, including a directory service, an authentication service, and a name service, and wherein the user information is maintained by the directory service; a monitor configured to receive packets traversing through the networked environment; a collector coupled to the monitor and the networked environment, the directory service maintaining a directory of objects in a hierarchical framework, each of the objects representing a network entity and one or more attributes of the network entity, the hierarchical framework categorizing each of the objects as one of: a resource; a service; and a person; a collector coupled to the monitor and the networked environment; wherein the monitor is configured to: identify an authentication exchange packet from the packets received, the authentication exchange packet having a user ID and network address; identify packets received that have the network address; and send the packets identified to the collector; and wherein the collector is configured to: obtain user information corresponding to the user ID by querying the directory service using the user ID; and associate the packets identified with the user information.
Dependent claims: 38, 39, 40, 41
42. A computer program embodied on at least one computer-readable medium for executing a method for associating packets according to user information defined in a directory service available through a networked environment, the networked environment providing an authentication service and a name service and including at least one client, the method comprising:
at a collector, obtaining user information from the directory service by obtaining at least one user object attribute set from the directory service, the directory service maintaining a directory of objects in a hierarchical framework, each of the objects representing a network entity and one or more attributes of the network entity, the hierarchical framework categorizing each of the objects as one of: a resource; a service; and a person; at a monitor configured to connect to the collector, identifying at least one authentication exchange packet from packets traversing on the networked environment; extracting a first user ID and a first network address from the authentication exchange packet; and selecting packets traversing on the network environment that each have a network address equivalent to the first network address; and at the collector, associating packets found in the selecting with the user information having a user name attribute equivalent to the first user ID.
Dependent claims: 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57
Specification