Attributes of captured objects in a capture system
First Claim
Patent Images
1. A method to be executed in a network environment in which packets are exchanged, comprising:
- capturing a plurality of packets being transmitted over a network through a capture system that includes a processor and a network interface for receiving packets;
reconstructing an object based on the packets;
communicating the object to an object classification module for classifying the object based on its content, wherein the captured packets are used to reconstruct at least a portion of a document sought to be communicated over the network;
determining a protocol associated with the object;
classifying the object based at least in part on the protocol, wherein the classifying includes generating metadata associated with the object;
storing the metadata and the object; and
balancing resources of the capture system, wherein the balancing comprises determining an amount memory of the capture system that is needed to reassemble a flow and determining a flow rate for the capture system from the amount of memory, and wherein the flow rate reflects a number of concurrent sessions that are supported by the capture system, wherein the capture system is configured to allow the document to be forwarded from the capture system to its intended destination at a network node unless a capture rule prohibits forwarding the document based on an analysis of the content of the document, and wherein if the document is not forwarded then an alert is sent to a user associated with a previous registration of data identified within the document, and wherein the alert includes an Internet protocol (IP) source address and an IP destination address associated with attempted transmission of the document.
9 Assignments
0 Petitions
Accused Products
Abstract
A system and method for capturing objects and balancing systems resources in a capture system are described. An object is captured, metadata associated with the objected generated, and the object and metadata stored.
-
Citations
8 Claims
-
1. A method to be executed in a network environment in which packets are exchanged, comprising:
-
capturing a plurality of packets being transmitted over a network through a capture system that includes a processor and a network interface for receiving packets; reconstructing an object based on the packets; communicating the object to an object classification module for classifying the object based on its content, wherein the captured packets are used to reconstruct at least a portion of a document sought to be communicated over the network; determining a protocol associated with the object; classifying the object based at least in part on the protocol, wherein the classifying includes generating metadata associated with the object; storing the metadata and the object; and balancing resources of the capture system, wherein the balancing comprises determining an amount memory of the capture system that is needed to reassemble a flow and determining a flow rate for the capture system from the amount of memory, and wherein the flow rate reflects a number of concurrent sessions that are supported by the capture system, wherein the capture system is configured to allow the document to be forwarded from the capture system to its intended destination at a network node unless a capture rule prohibits forwarding the document based on an analysis of the content of the document, and wherein if the document is not forwarded then an alert is sent to a user associated with a previous registration of data identified within the document, and wherein the alert includes an Internet protocol (IP) source address and an IP destination address associated with attempted transmission of the document. - View Dependent Claims (2, 3)
-
-
4. An article of manufacture including program code stored on a non-transitory computer-readable medium which, when executed by a machine, causes the machine to perform a method, the method comprising:
-
capturing a plurality of packets being transmitted over a network through a capture system; reconstructing an object based on the packets; communicating the object to an object classification module for classifying the object based on its content, wherein the captured packets are used to reconstruct at least a portion of a document sought to be communicated over the network; determining a protocol associated with the object; classifying the object based at least in part on the protocol, wherein the classifying includes generating metadata associated with the object; storing the metadata and the object; and balancing resources of the capture system, wherein the balancing comprises determining an amount memory of the capture system that is needed to reassemble a flow and determining a flow rate for the capture system from the amount of memory, and wherein the flow rate reflects a number of concurrent sessions that are supported by the capture system, wherein the capture system is configured to allow the document to be forwarded from the capture system to its intended destination at a network node unless a capture rule prohibits forwarding the document based on an analysis of the content of the document, and wherein if the document is not forwarded then an alert is sent to a user associated with a previous registration of data identified within the document, and wherein the alert includes an Internet protocol (IP) source address and an IP destination address associated with attempted transmission of the document. - View Dependent Claims (5, 6)
-
-
7. A capture system provisioned in a network environment in which packets propagate, comprising:
-
a capture device; wherein the capture device includes; a processor and a computer-readable memory; a network interface module to receive a plurality of packets; a packet capture module coupled to the network interface module; an object assembly module configured to reassemble an object associated with the captured packets; an object classification module to generate a tag for the object and balance memory resources of the capture system, the object classification module classifying the object based on its content, wherein the captured packets are used to reconstruct at least a portion of a document sought to be communicated over the network; and an object store module configured to store the object and the tag, wherein the balancing comprises determining an amount memory of the capture system that is needed to reassemble a flow and determining a flow rate for the capture system from the amount of memory, and wherein the flow rate reflects a number of concurrent sessions that are supported by the capture system, wherein the capture system is configured to allow the document to be forwarded from the capture system to its intended destination at a network node unless a capture rule prohibits forwarding the document based on an analysis of the content of the document, and wherein if the document is not forwarded then an alert is sent to a user associated with a previous registration of data identified within the document, and wherein the alert includes an Internet protocol (IP) source address and an IP destination address associated with attempted transmission of the document. - View Dependent Claims (8)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMcAfee, LLC
-
Original AssigneeMcAfee, Inc. (McAfee, LLC)
-
InventorsDeninger, William, de la Iglesia, Erik, Ahuja, Ratinder Paul Singh, Lowe, Rick
-
Primary Examiner(s)Etienne; Ario
-
Assistant Examiner(s)Williams; Clayton R
-
Application NumberUS11/439,112Publication NumberTime in Patent Office1,842 DaysField of SearchNoneUS Class Current709/224CPC Class CodesH04L 43/106 using time related informat...H04L 43/18 Protocol analysersH04L 43/50 Testing arrangementsH04L 63/0209 Architectural arrangements,...
