Managing captured network traffic data
Abstract
A system and method for managing captured network traffic data is provided. The invention comprises a plurality of capture agents, each being configured to capture the network traffic associated with one or more applications. Each application is associated with one or more capture agents according to an application profile that is stored and maintained in a capture server. When analysis of an application's network traffic is required, the capture server contacts the corresponding capture agents according to the application profile. The capture server then effects the identification and archiving of the network traffic that corresponds to a user-defined capture condition. A database at the capture server maintains a record that associates the corresponding network traffic with the user-defined capture condition such that the corresponding network traffic can later be retrieved and analyzed using an analysis engine.
21 Claims
1. A method of managing traffic information captured by a plurality of capture agents running on points within a network, said method comprising:
- receiving, from a user via a graphical user interface, input information linking an application running on the network to a set of the plurality of capture agents;
- creating, in a database, an application profile based on the input information mapping the set of the plurality of capture agents to the application;
- selecting a portion of the traffic information captured by the plurality of capture agents based on the application profile; and
- archiving the selected portion of the traffic information.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A system for managing traffic information captured by a plurality of capture agents running on points within a network, said system comprising:
- a database interface coupled to a database of traffic information captured by the plurality of capture agents running on points within the network;
- a graphical user interface configured to receive input information from a user linking an application running on the network to a set of the plurality capture agents; and
- an analysis processor, configured by executable program code, to create an application profile based on the input information mapping the set of plurality of capture agents to the application, select a portion of the traffic information captured by the plurality of capture agents based on the application profile, and archive the selected portion of the traffic information.

Dependent claims: 14, 15, 16, 17, 18

19. A system comprising:
- a plurality of capture components that are each configured to record snapshots of network traffic in response to a user request, wherein new snapshots of network traffic overwrites old snapshots of network traffic after a storage threshold is reached,
- a database that includes a plurality of profiles, each profile including a set of capture components of the plurality of capture components associated with a particular capture condition, and
- a management component that is configured to; receive information from which a capture condition can be identified, retrieve, from the database, the set of capture components associated with the identified capture condition, and effect an archiving of at least a portion of the network traffic that has already been recorded by the set of capture components after the capture condition has been identified.

Dependent claims: 20, 21
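
The flow described in the abstract and in claim 19, as an added Python example (not code from the patent or its assignee): capture agents with bounded buffers that overwrite old records, an application profile mapping an application to a set of agents, and archiving of already-recorded traffic for a capture condition. All class, agent and application names are hypothetical, and the capture condition is assumed to be a time window.

```python
from collections import deque

class CaptureAgent:
    """Capture point with bounded storage: new records overwrite the oldest."""
    def __init__(self, name, capacity):
        self.name = name
        self.buffer = deque(maxlen=capacity)  # storage threshold (assumed: record count)

    def record(self, ts, summary):
        self.buffer.append((ts, summary))

class CaptureServer:
    def __init__(self, agents):
        self.agents = {a.name: a for a in agents}
        self.profiles = {}   # application -> tuple of agent names
        self.archive = {}    # capture condition id -> archived records

    def create_profile(self, application, agent_names):
        unknown = sorted(set(agent_names) - set(self.agents))
        if unknown:
            raise KeyError(f"unknown capture agents: {unknown}")
        self.profiles[application] = tuple(agent_names)

    def archive_condition(self, condition_id, application, start, end):
        """Copy traffic already recorded in [start, end] by the profile's agents."""
        selected = [(name, ts, summary)
                    for name in self.profiles[application]
                    for ts, summary in self.agents[name].buffer
                    if start <= ts <= end]
        self.archive[condition_id] = selected  # record tying traffic to the condition
        return selected

def demo():
    # Constructed sample data: three agents, one application mapped to two of them.
    web, db, mail = (CaptureAgent(n, capacity=3) for n in ("web-tap", "db-tap", "mail-tap"))
    server = CaptureServer([web, db, mail])
    server.create_profile("orders-app", ["web-tap", "db-tap"])
    for ts in (1, 2, 3, 4, 5):
        web.record(ts, f"GET /checkout #{ts}")   # ts 1 and 2 get overwritten
    db.record(3.5, "SELECT orders")
    mail.record(3.6, "SMTP relay")               # not in the profile, never selected
    kept = server.archive_condition("slow-checkout", "orders-app", start=1, end=4)
    for ts in (6, 7, 8):
        web.record(ts, f"GET /checkout #{ts}")   # buffer rolls over after archiving
    return kept, list(web.buffer), server.archive["slow-checkout"]

if __name__ == "__main__":
    print(demo())
```

Records older than the buffer capacity are gone before the condition is identified, so the archive holds only what the agents still had, and it survives the later rollover.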
Specification