Managing captured network traffic data

US 8,140,665 B2
Filed: 08/19/2006
Issued: 03/20/2012
Est. Priority Date: 08/19/2005
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a plurality of capture components that are each configured to continuously record network traffic, wherein new network traffic overwrites old network traffic after a threshold is reached,a database that includes a plurality of profiles, each profile including a set of capture components of the plurality of capture components associated with a particular capture condition, anda management component that is configured to;

receive information from which a capture condition can be identified,retrieve, from the database, the set of capture components associated with the profile corresponding to the identified capture condition, andeffect an archiving of at least a portion of the network traffic that has already been recorded by the set of capture components before the capture condition was identified.

View all claims

21 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for managing captured network traffic data is provided. The invention comprises a plurality of capture agents, each being configured to capture the network traffic associated with one or more applications. Each application is associated with one or more capture agents according to an application profile that is stored and maintained in a capture server. When analysis of an application'"'"'s network traffic is required, the capture server contacts the corresponding capture agents according to the application profile. The capture server then effects the identification and archiving of the network traffic that corresponds to a user-defined capture condition. A database at the capture server maintains a record that associates the corresponding network traffic with the user-defined capture condition such that the corresponding network traffic can later be retrieved and analyzed using an analysis engine.

Citations

51 Claims

1. A system comprising:
- a plurality of capture components that are each configured to continuously record network traffic, wherein new network traffic overwrites old network traffic after a threshold is reached,a database that includes a plurality of profiles, each profile including a set of capture components of the plurality of capture components associated with a particular capture condition, anda management component that is configured to;
  
  receive information from which a capture condition can be identified,retrieve, from the database, the set of capture components associated with the profile corresponding to the identified capture condition, andeffect an archiving of at least a portion of the network traffic that has already been recorded by the set of capture components before the capture condition was identified.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system of claim 1, wherein the management component is further configured to maintain an association of the archived portion of the recorded network traffic and the received information.
  - 3. The system of claim 1, wherein the identified capture condition is an association with an application.
  - 4. The system of claim 1, wherein the identified capture condition is an association with a user.
  - 5. The system of claim 1, wherein at least one capture component of the set of capture components is further configured to store the archived portion of the network traffic in an archive file separate from the recorded network traffic.
  - 6. The system of claim 5, wherein the at least one capture component is further configured to store the archive file at the same location as the recorded network traffic.
  - 7. The system of claim 5, including a repository, wherein the at least one capture component is further configured to transmit the archive file to the repository.
  - 8. The system of claim 1, wherein at least one capture component of the set of traffic components is further configured to lock the archived portion of the recorded network traffic to prevent an overwriting or deletion of the archived portion.
  - 9. The system of claim 1, wherein the management component is further configured to effect a filtering of the network traffic recorded in the archived portion of the recorded network traffic of at least one capture component of the set of capture components.
  - 10. The system of claim 1, including an analytical component that is configured to execute an analysis of the network traffic recorded in the archived portion of the recorded network traffic of at least one capture component of the set of capture components.
  - 11. The system of claim 10, wherein the analysis includes a simulation.
  - 12. The system of claim 1, wherein the received information includes a problem description.
  - 13. The system of claim 12, wherein the problem description includes a problem time.
  - 14. The system of claim 1, wherein the management component includes a user interface component that is configured to receive the information.
  - 15. The system of claim 14, wherein the received information includes a sequence of start and stop commands.
  - 16. The system of claim 1, including a trouble ticketing component that is configured to manage a plurality of trouble tickets corresponding to a plurality of problems.
  - 17. The system of claim 16, wherein the management component includes a notification component that is configured to transmit a notification message to the trouble ticketing component.

18. A method comprising:
- configuring a plurality of capture components, such that each capture component is configured to continuously record network traffic, wherein new network traffic overwrites old network traffic after a threshold is reached,configuring a database to include a plurality of profiles, each profile including a set of capture components of the plurality of capture components associated with a particular capture condition,receiving information,identifying a capture condition based on the received information,retrieving the set of capture components associated with the profile corresponding to the identified capture condition, andarchiving at least a portion of the network traffic that has already been recorded by the set of capture components before the capture condition was identified.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 19. The method of claim 18, including maintaining an association of the archived portion of the recorded network traffic with the received information.
  - 20. The method of claim 18, wherein the identified capture condition is an association with an application.
  - 21. The method of claim 18, wherein the identified capture condition is an association with a user.
  - 22. The method of claim 18, including storing the archived portion of the recorded network traffic in an archive file separate from the recorded network traffic.
  - 23. The method of claim 22, including storing the archive file at the same location as the recorded network traffic.
  - 24. The method of claim 22, including transmitting the archive file to a repository.
  - 25. The method of claim 18, including locking the archived portion of the recorded network traffic to prevent an overwriting or deletion of the archived portion.
  - 26. The method of claim 18, including filtering the network traffic recorded in the archived portion of the recorded network traffic.
  - 27. The method of claim 18, including executing an analysis of the network traffic recorded in the archived portion of the recorded network traffic.
  - 28. The method of claim 27, wherein the analysis includes a simulation.
  - 29. The method of claim 18, wherein the received information includes a problem description.
  - 30. The method of claim 29, wherein the problem description includes a problem time.
  - 31. The method of claim 18, including providing a user interface that is configured to receive the information.
  - 32. The method of claim 31, wherein the received information includes a sequence of start and stop commands.
  - 33. The method of claim 18, including configuring a trouble ticking component to manage a plurality of trouble tickets corresponding to a plurality of problems.
  - 34. The method of claim 33, including transmitting a notification message to the trouble ticketing component.

35. A computer program product stored on a non-transient computer readable medium, which, when executed by a processor, causes the processor to:
- instruct each of a plurality of capture components to continuously record network traffic, wherein new network traffic overwrites old network traffic after a threshold is reached,receive information,identify a capture condition based on the received information,retrieve, based on the identified capture condition, a set of capture components from a database that includes a plurality of sets of capture components, each set of capture components being associated with a particular capture condition, andarchive at least a portion of the network traffic that has already been recorded by the set of capture components before the capture condition was identified.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51)
- - 36. The computer program product of claim 35, which causes the processor to maintain an association of the archived portion of the recorded network traffic with the received information.
  - 37. The computer program product of claim 35, wherein the identified capture condition is an association with an application.
  - 38. The computer program product of claim 35, wherein the identified capture condition is an association with a user.
  - 39. The computer program product of claim 35, which causes the processor to store the archived portion of the recorded network traffic in an archive file separate from the recorded network traffic.
  - 40. The computer program product of claim 39, which causes the processor to store the archive file at the same location as the recorded network traffic.
  - 41. The computer program product of claim 39, which causes the processor to transmit the archive file to a repository.
  - 42. The computer program product of claim 35, which causes the processor to lock the archived portion of the recorded network traffic to prevent an overwriting or deletion of the archived portion.
  - 43. The computer program product of claim 35, which causes the processor to filter the network traffic in the archived portion of the recorded network traffic.
  - 44. The computer program product of claim 35, which causes the processor to execute an analysis of the network traffic recorded in the archived portion of the recorded network traffic.
  - 45. The computer program product of claim 44, wherein the analysis includes a simulation.
  - 46. The computer program product of claim 35, wherein the received information includes a problem description.
  - 47. The computer program product of claim 46, wherein the problem description includes a problem time.
  - 48. The computer program product of claim 35, which causes the processor to provide a user interface that is configured to receive the information.
  - 49. The computer program product of claim 48, wherein the received information includes a sequence of start and stop commands.
  - 50. The computer program product of claim 35, which causes the processor to instruct a trouble ticking component to manage a plurality of trouble tickets corresponding to a plurality of problems.
  - 51. The computer program product of claim 50, which causes the processor to transmit a notification message to the trouble ticketing component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Riverbed Technology, LLC (Riverbed Technology Incorporated)
Original Assignee
OPNET Technologies Incorporated (Riverbed Technology Incorporated)
Inventors
Malloy, Patrick J., Canney, Michael S., Gehl, Ryan, Cohen, Marc A., Elsner, Russell Mark, Nudelman, Eric S., Schneider, Marc I.
Primary Examiner(s)
Etienne, Ario
Assistant Examiner(s)
NANO, SARGON N

Application Number

US11/507,114
Publication Number

US 20070067450A1
Time in Patent Office

2,040 Days
Field of Search

709/223, 709/224, 709/225, 709/226, 717/127
US Class Current

709/224
CPC Class Codes

H04L 43/00   Arrangements for monitoring...

H04L 43/0823   Errors, e.g. transmission e...

H04L 43/106   using time related informat...

Managing captured network traffic data

First Claim

21 Assignments

0 Petitions

Accused Products

Abstract

Citations

51 Claims

Specification

Solutions

Use Cases

Quick Links

Managing captured network traffic data

First Claim

21 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

51 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links