Dynamic monitoring of network traffic
First Claim
Patent Images
1. A device comprising:
- one or more processors to;
determine that a traffic flow associated with received data is not identified,store, based on the traffic flow not being identified, a copy of the data,transmit the data from a first port of the device,receive other data based on the transmitting of the data from the device,identify the traffic flow associated with the data based on the other data,determine that the identified traffic flow comprises a particular type of traffic flow to be monitored,mirror the data, to form mirrored data, based on the identified traffic flow comprising the particular type of traffic flow,modify the mirrored data to cause the mirrored data to be associated with a second port of the device,the second port being different from the first port, andtransmit, via the second port, the mirrored data to a monitoring appliance that is configured to monitor the particular type of traffic flow.
0 Assignments
0 Petitions
Accused Products
Abstract
A device, connected to a monitoring appliance, may include a traffic analyzer to receive a data unit and identify a traffic flow associated with the data unit. The device may also include a traffic processor to receive the data unit and information regarding the identified traffic flow from the traffic analyzer, determine that the identified traffic flow is to be monitored by the monitoring appliance, change a port number, associated with the data unit, to a particular port number to create a modified data unit when the identified traffic flow is to be monitored by the monitoring appliance, and send the modified data unit to the monitoring appliance.
-
Citations
20 Claims
-
1. A device comprising:
one or more processors to; determine that a traffic flow associated with received data is not identified, store, based on the traffic flow not being identified, a copy of the data, transmit the data from a first port of the device, receive other data based on the transmitting of the data from the device, identify the traffic flow associated with the data based on the other data, determine that the identified traffic flow comprises a particular type of traffic flow to be monitored, mirror the data, to form mirrored data, based on the identified traffic flow comprising the particular type of traffic flow, modify the mirrored data to cause the mirrored data to be associated with a second port of the device, the second port being different from the first port, and transmit, via the second port, the mirrored data to a monitoring appliance that is configured to monitor the particular type of traffic flow. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
8. A non-transitory computer-readable medium storing instructions, the instructions comprising:
-
one or more instructions which, when executed by at least one processor, cause the at least one processor to determine that a traffic flow associated with received data is not identified; one or more instructions which, when executed by the at least one processor, cause the at least one processor to store, based on the traffic flow not being identified, a copy of the data; one or more instructions which, when executed by the at least one processor, cause the at least one processor to transmit, via a first port, the data to a destination; one or more instructions which, when executed by the at least one processor, cause the at least one processor to receive other data after transmitting the data to the destination; one or more instructions which, when executed by the at least one processor, cause the at least one processor to determine that the other data is associated with a particular type of traffic flow; one or more instructions which, when executed by the at least one processor, cause the at least one processor to mirror the data, to form mirrored data, based on the other data being associated with the particular type of traffic flow; one or more instructions which, when executed by the at least one processor, cause the at least one processor to modify the mirrored data to cause the mirrored data to be associated with a second port of the device, the second port being different from the first port; and one or more instructions which, when executed by the at least one processor, cause the at least one processor to transmit the mirrored data to a monitoring appliance that is configured to monitor the particular type of traffic flow. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A method comprising:
-
receiving, by a network device, first data; determining, by the network device, that a traffic flow, associated with the first data, is not identified; storing, by the network device, a copy of the first data based on determining that the traffic flow is not identified; transmitting, by the network device and via a first port, the first data from the network device; receiving, by the network device, second data after transmitting the first data; identifying, by the network device, the traffic flow associated with the first data based on a traffic flow associated with the second data; determining, by the network device, that the traffic flow associated with the second data is to be monitored; modifying, by the network device, the copy of the first data to cause the copy of the first data to be associated with a second different port; and transmitting, by the network device, the modified copy of the first data to a monitoring appliance based on determining that the traffic flow associated with the second data is to be monitored. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification