Systems and methods for extracting media from network traffic having unknown protocols
First Claim
1. A method, comprising:
- receiving in a computerized analysis system network traffic, which complies with a protocol, wherein the protocol is not decodable by the analysis system, and which network traffic carries a data item of a respective media type, wherein the data item comprises a sequence of bytes;
- automatically identifying the media type by processing the network traffic, wherein identifying the media type comprises identifying that the sequence of bytes comprises valid text; and
- extracting at least part of the data item responsively to the identified media type.
Abstract
Methods and systems for analyzing network traffic. An analysis system receives network traffic, which complies with a certain protocol. The received network traffic carries a data item, which may be of value to an analyst. In order to access the data item in question, the analysis system automatically identifies the media type of the data item, by processing the network traffic irrespective of the protocol. The analysis system identifies the media type irrespective of the protocol in order to avoid the computational complexity involved in decoding the protocol.
16 Claims
15. Apparatus, comprising:
- an interface configured to receive network traffic, which complies with a protocol, wherein the protocol is not decodable by the analysis system, and which network traffic carries a data item of a respective media type, wherein the data item comprises a sequence of bytes; and
- a processor, which is configured to automatically identify the media type by processing the network traffic, wherein identifying the media type comprises identifying that the sequence of bytes comprises valid text, and to extract at least part of the data item responsively to the identified media type.
Specification