Performance optimized and configurable state based heuristic for the classification of real-time transport protocol traffic
First Claim
1. A method for classifying network traffic, the method comprising:
- receiving a first packet of network traffic on a port;
determining a synchronization source identifier (SSRC) associated with the first packet and a first sequence number associated with the first packet;
receiving a subsequent packet of network traffic on the port;
determining a synchronization source identifier (SSRC) and a second sequence number associated with the subsequent packet;
determining whether the SSRC associated with the subsequent packet matches the SSRC associated with the first packet;
determining whether the second sequence number associated with the subsequent packet is within a range of sequence number values, the range defined by (1) a first value greater than the first sequence number and (2) a second value less than the first sequence number, wherein a first difference between the first sequence number and the first value and a second difference between the first sequence number the second value are not equal;
calculating an interval time between reception of the first packet and reception of the subsequent packet;
determining whether the interval time is within a range of time values; and
classifying traffic on the port based on whether the SSRC associated with the first packet matches the SSRC associated with the subsequent packet, the second sequence number associated with the subsequent packet is within the range of sequence number values, and the interval time is within the range of time values.
3 Assignments
0 Petitions
Accused Products
Abstract
A probe receives a first packet over a network on a port. A sequence number and synchronization source identifier (SSRC) associated with the first packet are identified. The probe receives a subsequent packet and a sequence number and SSRC associated with the subsequent packet are determined. The probe determines whether the SSRC associated with first packet and the SSRC associated with the subsequent packet match. Additionally, the probe determines whether the sequence number associated with the subsequent packet is within an acceptable range of values related to the sequence number associated with the first packet. Additionally, the probe calculates the time interval between reception of the packets. The probe classifies traffic on the port as RTP or non-RTP traffic based on analysis of the SSRCs, sequence numbers and time intervals.
-
Citations
20 Claims
-
1. A method for classifying network traffic, the method comprising:
-
receiving a first packet of network traffic on a port; determining a synchronization source identifier (SSRC) associated with the first packet and a first sequence number associated with the first packet; receiving a subsequent packet of network traffic on the port; determining a synchronization source identifier (SSRC) and a second sequence number associated with the subsequent packet; determining whether the SSRC associated with the subsequent packet matches the SSRC associated with the first packet; determining whether the second sequence number associated with the subsequent packet is within a range of sequence number values, the range defined by (1) a first value greater than the first sequence number and (2) a second value less than the first sequence number, wherein a first difference between the first sequence number and the first value and a second difference between the first sequence number the second value are not equal; calculating an interval time between reception of the first packet and reception of the subsequent packet; determining whether the interval time is within a range of time values; and classifying traffic on the port based on whether the SSRC associated with the first packet matches the SSRC associated with the subsequent packet, the second sequence number associated with the subsequent packet is within the range of sequence number values, and the interval time is within the range of time values. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer program product for classifying network traffic, the computer program product comprising a non-transitory computer-readable storage medium storing instructions that when executed cause at least one processor to:
-
receive a first packet of network traffic on a port; determine a synchronization source identifier (SSRC) associated with the first packet and a first sequence number associated with the first packet; receive a subsequent packet of network traffic on the port; determine a synchronization source identifier (SSRC) and a second sequence number associated with the subsequent packet; determine whether the SSRC associated with the subsequent packet matches the SSRC associated with the first packet; determine whether the second sequence number associated with the subsequent packet is within a range of sequence number values, the range defined by (1) a first value greater than the first sequence number and (2) a second value less than the first sequence number, wherein a first difference between the first sequence number and the first value and a second difference between the first sequence number the second value are not equal; calculate an interval time between reception of the first packet and reception of the subsequent packet; determine whether the interval time is within a range of time values; and classify traffic on the port based on whether the SSRC associated with the first packet matches the SSRC associated with the subsequent packet, the second sequence number associated with the subsequent packet is within the range of sequence number values, and the interval time is within the range of time values. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A system for classifying network traffic, comprising:
-
a non-transitory computer-readable storage medium storing executable computer program instructions comprising instructions for; receiving a first packet of network traffic on a port; determining a synchronization source identifier (SSRC) associated with the first packet and a first sequence number associated with the first packet; receiving a subsequent packet of network traffic on the port; determining a synchronization source identifier (SSRC) and a second sequence number associated with the subsequent packet; determining whether the SSRC associated with the subsequent packet matches the SSRC associated with the first packet; determining whether the second sequence number associated with the subsequent packet is within a range of sequence number, the range defined by (1) a first value greater than the first sequence number and (2) a second value less than the first sequence number, wherein a first difference between the first sequence number and the first value and a second difference between the first sequence number the second value are not equal; calculating an interval time between reception of the first packet and reception of the subsequent packet; determining whether the interval time is within a range of time values; and classifying traffic on the port based on whether the SSRC associated with the first packet matches the SSRC associated with the subsequent packet, the second sequence number associated with the subsequent packet is within the range of sequence number values, and the interval time is within the range of time values; and a processor for executing the computer program instructions. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification