System, method and apparatus for troubleshooting an IP network

US 8,862,718 B2
Filed: 07/11/2007
Issued: 10/14/2014
Est. Priority Date: 07/12/2006
Status: Active Grant

First Claim

Patent Images

1. A method for troubleshooting one or more communication(s) between a first device and a second device, comprising the steps of:

receiving a mirrored message associated with the one or more communication(s) at a monitoring device disposed between the first device and the second device such that the monitoring device monitors the one or more communication(s) between the first device and the second device;

analyzing the received mirrored message to provide an analyzed mirrored message;

storing the analyzed mirrored message in one or more log files whenever the analyzed mirrored message satisfies one or more troubleshooting criteria;

providing the one or more log files for post-processing, analysis and troubleshooting, wherein the one or more communication(s) between the first and second devices are an encrypted communication;

decrypting the received mirrored message using a security key;

wherein the foregoing steps are performed by the monitoring device;

establishing an encrypted network communication channel between the monitoring device and a security device;

receiving, at the monitoring device, the security key from the security device via the encrypted network communication channel; and

storing the security key.

View all claims

19 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a system, method and apparatus for troubleshooting one or more communications between a first device and a second device. A monitoring device disposed between the first device and the second device receives a message associated with the communication(s), analyzes the received message and stores the analyzed message whenever the analyzed message satisfies one or more troubleshooting criteria. The one or more troubleshooting criteria may include one or more data element criteria, one or more event-based criteria, one or more time-based criteria, one or more logical operators or a combination thereof. The method can be implemented using a computer program embodied on a computer readable medium having one or more code segments to perform the method steps.

71 Citations

View as Search Results

19 Claims

1. A method for troubleshooting one or more communication(s) between a first device and a second device, comprising the steps of:
- receiving a mirrored message associated with the one or more communication(s) at a monitoring device disposed between the first device and the second device such that the monitoring device monitors the one or more communication(s) between the first device and the second device;
  
  analyzing the received mirrored message to provide an analyzed mirrored message;
  
  storing the analyzed mirrored message in one or more log files whenever the analyzed mirrored message satisfies one or more troubleshooting criteria;
  
  providing the one or more log files for post-processing, analysis and troubleshooting, wherein the one or more communication(s) between the first and second devices are an encrypted communication;
  
  decrypting the received mirrored message using a security key;
  
  wherein the foregoing steps are performed by the monitoring device;
  
  establishing an encrypted network communication channel between the monitoring device and a security device;
  
  receiving, at the monitoring device, the security key from the security device via the encrypted network communication channel; and
  
  storing the security key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method as recited in claim 1, further comprising the step of receiving the one or more troubleshooting criteria.
  - 3. The method as recited in claim 1, wherein the one or more troubleshooting criteria comprise one or more data element criteria, one or more event-based criteria, one or more time-based criteria, one or more logical operators or a combination thereof.
  - 4. The method as recited in claim 3, wherein:
    - the one or more data elements comprise an international mobile subscriber identity, an unlicensed mobile access classmark, a cell identity, a location area identity, a routing area identity, an access point identity, an Internet Protocol (IP) subnet mask, an IPsec tunnel identity IP address, a secure gateway identity IP address, an unlicensed network controller identity IP address, a media gateway identity IP address, a general packet radio service gateway identity IP address, a border router IP address, a user equipment uniform resource identifier, a transport layer security tunnel identity IP address, a packet data gateway identity IP address, a proxy call session control function identity IP address, a protocol type or all messages;
      
      the one or more event-based criteria comprise an IPsec failure, one or more registration failure criteria, a general packet radio service attach failure, a packet data protocol context failure, a transport layer security failure;
      
      orthe one or more time-based criteria comprise a start time, an end time, or a duration.
  - 5. The method as recited in claim 1, further comprising the steps of:
    - creating a troubleshooting session containing the one or more troubleshooting criteria;
      
      sending the troubleshooting session to the monitoring device; and
      
      receiving one or more log files containing the stored messages corresponding to the troubleshooting session.
  - 6. The method as recited in claim 1, further comprising the step of:
    - storing the analyzed message in a buffer whenever the analyzed message does not satisfy any of the troubleshooting criteria.
  - 7. The method as recited in claim 1, further comprising the step of receiving a new security key whenever the security key associated with the communication(s) between the first device and the second device is changed.
  - 8. The method as recited in claim 7, wherein the security key is changed on a per session or per call basis.
  - 9. The method as recited in claim 1, wherein the monitoring device is communicably connected between the first device and the second device, or is communicably connected to a tap communicably connected between the first device and the second device.
  - 10. The method as recited in claim 1, wherein:
    - the monitoring device comprises an application level security node or an Internet Protocol Communication Security device;
      
      the first device or the second device comprises a border router, a packet data gateway, a secure gateway, a signaling gateway, a network trusted entity, a device that creates a security key, a remote device, an application server, a home subscriber server, an interrogating call session control function, a service call session control function, a subscriber location function, a breakout gateway function controller, a media gateway control function, a media resource function controller, a proxy call session control function, a policy decision function, an access-authorization-accounting server, a gateway general packet radio service support node, an unlicensed network controller, a media gateway, a general packet radio service gateway or other communications device;
      
      the remote device comprises an end user device, a mobile handset, a computer, a portable computer, a personal data assistant, a multimedia device or a combination thereof;
      
      orthe message(s) comprise one or more data packets, voice packets, multimedia packets or a combination thereof.
  - 11. The method as recited in claim 1, wherein the one or more troubleshooting criteria comprises an unlicensed mobile access classmark.
  - 12. The method as recited in claim 1, wherein the one or more troubleshooting criteria comprises a cell identity.
  - 13. The method as recited in claim 1, wherein the one or more troubleshooting criteria comprises an Internet Protocol (IP) subnet mask.
  - 14. The method as recited in claim 1, wherein the one or more troubleshooting criteria comprises an IPsec tunnel identity IP address.
  - 15. The method as recited in claim 1, wherein the one or more troubleshooting criteria comprises a transport layer security tunnel identity IP address.
  - 16. The method as recited in claim 1, wherein the one or more troubleshooting criteria comprises an IPsec failure.
  - 17. The method as recited in claim 1, wherein the one or more troubleshooting criteria comprises a registration failure criteria.

18. A computer program embodied on a non-transitory computer readable medium executable by a computerized monitoring device for troubleshooting one or more communication(s) between a first device and a second device, the computer program comprising:
- a code segment for receiving a mirrored message associated with the one or more communication(s) at the monitoring device disposed between the first device and the second device such that the monitoring device monitors the one or more communication(s) between the first device and the second device;
  
  a code segment for analyzing the received mirrored message to provide an analyzed message;
  
  a code segment for storing the analyzed message in one or more log files whenever the analyzed message satisfies one or more troubleshooting criteria, wherein the one or more communication(s) between the first and second devices are an encrypted communication;
  
  a code segment for decrypting the received mirrored message using a security key;
  
  a code segment for providing the one or more log files for post-processing, analysis and troubleshooting;
  
  a code segment for establishing an encrypted network communication channel between the monitoring device and a security device;
  
  a code segment for receiving, at the monitoring device, the security key from the security device via the encrypted network communication channel; and
  
  a code segment for storing the security key.

19. A method for troubleshooting one or more communication(s) between a first device and a second device, comprising the steps of:
- receiving a mirrored message associated with the one or more communication(s) at a monitoring device disposed between the first device and the second device such that the monitoring device monitors the one or more communication(s) between the first device and the second device;
  
  analyzing the received mirrored message to provide an analyzed message;
  
  storing the analyzed message in one or more log files whenever the analyzed message satisfies one or more troubleshooting criteria;
  
  providing the one or more log files for post-processing, analysis and troubleshooting, wherein the one or more communication(s) between the first and second device are an encrypted communication;
  
  decrypting the received mirrored message using a security key;
  
  wherein the foregoing steps are performed by the monitoring device; and
  
  receiving a new security key whenever the security key associated with the one or more communication(s) between the first device and the second device is changed, wherein the security key is changed on a per session or per call basis.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
Avaya Incorporated
Inventors
Kurapati, Srikrishna, Naim, Ghassan
Primary Examiner(s)
SERRAO, RANODHI N

Application Number

US11/776,549
Publication Number

US 20080016515A1
Time in Patent Office

2,652 Days
Field of Search

709/224, 709/227, 713/171
US Class Current

709/224
CPC Class Codes

H04L 43/04   Processing captured monitor...

H04L 63/0227   Filtering policies mail mes...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/20   for managing network securi...

System, method and apparatus for troubleshooting an IP network

First Claim

19 Assignments

0 Petitions

Accused Products

Abstract

71 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and apparatus for troubleshooting an IP network

First Claim

19 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links