Locational tagging in a capture system

US 8,010,689 B2
Filed: 05/22/2006
Issued: 08/30/2011
Est. Priority Date: 05/22/2006
Status: Active Grant

First Claim

Patent Images

1. An article of manufacture including program code embodied on a memory which, when executed by a machine, causes the machine to perform a method, the method comprising:

maintaining a tiered location configuration for a capture system of a network having private internet protocol (IP) addresses, the capture system being configured for a network security application in which filtering occurs such that certain flows originated at a first computer are prohibited from reaching their originally intended destination;

maintaining a list of private internet protocol (IP) address relationships to tier location configuration values for the capture system;

capturing a packet with the capture system;

classifying the packet into a plurality of tiers included within the tiered location configuration by comparing source and destination IP addresses associated with the packet to a tier mapping element maintained by the capture system, and wherein a selected first one of tiers identifies a geographic characteristic associated with the packet, and a selected second one of the tiers identifies a separate location characteristic associated with the packet, and a selected third one of the tiers identifies a division of a company, and a selected fourth one of the tiers identifies a building from which the packet originated, wherein the tiered location configuration includes separate tiers having different levels of detail; and

receiving a search query specifying a selected one of the levels of detail associated with the tiered location configuration.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for locational tagging in a capture system are described. Metadata associated with a captured object includes: information about a location in storage of an object and that objects association to a particular user; and/or tiered location information.

Citations

15 Claims

1. An article of manufacture including program code embodied on a memory which, when executed by a machine, causes the machine to perform a method, the method comprising:
- maintaining a tiered location configuration for a capture system of a network having private internet protocol (IP) addresses, the capture system being configured for a network security application in which filtering occurs such that certain flows originated at a first computer are prohibited from reaching their originally intended destination;
  
  maintaining a list of private internet protocol (IP) address relationships to tier location configuration values for the capture system;
  
  capturing a packet with the capture system;
  
  classifying the packet into a plurality of tiers included within the tiered location configuration by comparing source and destination IP addresses associated with the packet to a tier mapping element maintained by the capture system, and wherein a selected first one of tiers identifies a geographic characteristic associated with the packet, and a selected second one of the tiers identifies a separate location characteristic associated with the packet, and a selected third one of the tiers identifies a division of a company, and a selected fourth one of the tiers identifies a building from which the packet originated, wherein the tiered location configuration includes separate tiers having different levels of detail; and
  
  receiving a search query specifying a selected one of the levels of detail associated with the tiered location configuration.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The article of manufacture of claim 1, further comprising:
    - storing the tiered location configuration as a part of a metadata associated with the packet.
  - 3. The article of manufacture of claim 1, further comprising:
    - creating a tiered location configuration.
  - 4. The article of manufacture of claim 1, further comprising:
    - creating a list of internet protocol (IP) address relationships to tier location configuration values for the capture system.
  - 5. The article of manufacture of claim 1, wherein the tiered location configuration comprises:
    - four tiers, wherein each tier is of a different level of abstraction.

6. An article of manufacture including program code embodied on a memory which, when executed by a machine, causes the machine to perform a method, the method comprising:
- initializing a log file, the log file to store internet protocol (IP) address assignment by MAC address;
  
  reading the log to determine a relationship between an IP address and a user;
  
  maintaining a tiered location configuration for a capture system of a network having private internet protocol (IP) addresses, the capture system being configured for a network security application in which filtering occurs such that certain flows originated at a first computer are prohibited from reaching their originally intended destination;
  
  capturing a packet addressed to a particular IP address;
  
  associating the packet to a user from the log, wherein the packet is classified within the tiered location configuration by comparing source and destination IP addresses associated with the packet to a tier mapping element maintained by the capture system, and wherein a selected first one of tiers identifies a geographic characteristic associated with the packet, and a selected second one of the tiers identifies a separate location characteristic associated with the packet, and a selected third one of the tiers identifies a division of a company, and a selected fourth one of the tiers identifies a building from which the packet originated, wherein the tiered location configuration includes separate tiers having different levels of detail; and
  
  receiving a search query specifying a selected one of the levels of detail associated with the tiered location configuration.
- View Dependent Claims (7, 8, 9)
- - 7. The article of manufacture of claim 6, further comprising:
    - storing an item associated with the packet in a storage system, wherein the item is associated with the user.
  - 8. The article of manufacture of claim 7, wherein the storage system is rolling storage.
  - 9. The article of manufacture of claim 6, wherein the log is a DHCP log.

10. A method comprising:
- maintaining a tiered location configuration for a capture system of a network having private internet protocol (IP) addresses on a memory, the capture system being configured for a network security application in which filtering occurs such that certain flows originated at a first computer are prohibited from reaching their originally intended destination;
  
  maintaining a list of private internet protocol (IP) address relationships to tier location configuration values for the capture system;
  
  capturing a packet with the capture system;
  
  classifying the packet into a plurality of tiers included within the tiered location configuration by comparing source and destination IP addresses associated with the packet to a tier mapping element maintained by the capture system, and wherein a selected first one of tiers identifies a geographic characteristic associated with the packet, and a selected second one of the tiers identifies a separate location characteristic associated with the packet, and a selected third one of the tiers identifies a division of a company, and a selected fourth one of the tiers identifies a building from which the packet originated, wherein the tiered location configuration includes separate tiers having different levels of detail; and
  
  receiving a search query specifying a selected one of the levels of detail associated with the tiered location configuration.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10, further comprising:
    - storing the tiered location configuration as a part of metadata associated with the packet.
  - 12. The method of claim 10, wherein the tiered location configuration comprises:
    - four tiers, wherein each tier is of a different level of abstraction.

13. A method comprising:
- initializing a log file, the log file to store Internet protocol (IP) address assignment by MAC address on a memory;
  
  reading the log to determine a relationship between an IP address and a user;
  
  maintaining a tiered location configuration for a capture system of a network having private internet protocol (IP) addresses, the capture system being configured for a network security application in which filtering occurs such that certain flows originated at a first computer are prohibited from reaching their originally intended destination;
  
  capturing a packet addressed to a particular IP address;
  
  associating the packet to a user from the log, wherein the packet is classified within the tiered location configuration by comparing source and destination IP addresses associated with the packet to a tier mapping element maintained by the capture system, and wherein a selected first one of tiers identifies a geographic characteristic associated with the packet, and a selected second one of the tiers identifies a separate location characteristic associated with the packet, and a selected third one of the tiers identifies a division of a company, and a selected fourth one of the tiers identifies a building from which the packet originated, wherein the tiered location configuration includes separate tiers having different levels of detail; and
  
  receiving a search query specifying a selected one of the levels of detail associated with the tiered location configuration.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, further comprising:
    - storing an item associated with the packet in a storage system, wherein the item is associated with the user.
  - 15. The method of claim 14, wherein the storage system is rolling storage.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Deninger, William, de la Iglesia, Erik, Ahuja, Ratinder Paul Singh
Primary Examiner(s)
Moore; Ian N
Assistant Examiner(s)
Cheney; Bobae K

Application Number

US11/439,484
Publication Number

US 20070271372A1
Time in Patent Office

1,926 Days
Field of Search

726/13
US Class Current

709/230
CPC Class Codes

H04L 63/12 Applying verification of th...

H04L 63/1408 by monitoring network traff...

Locational tagging in a capture system

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Locational tagging in a capture system

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links