Performance optimized and configurable state based heuristic for the classification of real-time transport protocol traffic

US 9,065,744 B2
Filed: 06/20/2011
Issued: 06/23/2015
Est. Priority Date: 06/20/2011
Status: Active Grant

First Claim

Patent Images

1. A method for classifying network traffic, the method comprising:

receiving a first packet of network traffic on a port;

determining a synchronization source identifier (SSRC) associated with the first packet and a first sequence number associated with the first packet;

receiving a subsequent packet of network traffic on the port;

determining a synchronization source identifier (SSRC) and a second sequence number associated with the subsequent packet;

determining whether the SSRC associated with the subsequent packet matches the SSRC associated with the first packet;

determining whether the second sequence number associated with the subsequent packet is within a range of sequence number values, the range defined by (1) a first value greater than the first sequence number and (2) a second value less than the first sequence number, wherein a first difference between the first sequence number and the first value and a second difference between the first sequence number the second value are not equal;

calculating an interval time between reception of the first packet and reception of the subsequent packet;

determining whether the interval time is within a range of time values; and

classifying traffic on the port based on whether the SSRC associated with the first packet matches the SSRC associated with the subsequent packet, the second sequence number associated with the subsequent packet is within the range of sequence number values, and the interval time is within the range of time values.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A probe receives a first packet over a network on a port. A sequence number and synchronization source identifier (SSRC) associated with the first packet are identified. The probe receives a subsequent packet and a sequence number and SSRC associated with the subsequent packet are determined. The probe determines whether the SSRC associated with first packet and the SSRC associated with the subsequent packet match. Additionally, the probe determines whether the sequence number associated with the subsequent packet is within an acceptable range of values related to the sequence number associated with the first packet. Additionally, the probe calculates the time interval between reception of the packets. The probe classifies traffic on the port as RTP or non-RTP traffic based on analysis of the SSRCs, sequence numbers and time intervals.

Citations

20 Claims

1. A method for classifying network traffic, the method comprising:
- receiving a first packet of network traffic on a port;
  
  determining a synchronization source identifier (SSRC) associated with the first packet and a first sequence number associated with the first packet;
  
  receiving a subsequent packet of network traffic on the port;
  
  determining a synchronization source identifier (SSRC) and a second sequence number associated with the subsequent packet;
  
  determining whether the SSRC associated with the subsequent packet matches the SSRC associated with the first packet;
  
  determining whether the second sequence number associated with the subsequent packet is within a range of sequence number values, the range defined by (1) a first value greater than the first sequence number and (2) a second value less than the first sequence number, wherein a first difference between the first sequence number and the first value and a second difference between the first sequence number the second value are not equal;
  
  calculating an interval time between reception of the first packet and reception of the subsequent packet;
  
  determining whether the interval time is within a range of time values; and
  
  classifying traffic on the port based on whether the SSRC associated with the first packet matches the SSRC associated with the subsequent packet, the second sequence number associated with the subsequent packet is within the range of sequence number values, and the interval time is within the range of time values.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein classifying traffic on the port comprises classifying traffic as Real-Time Transport Protocol (RTP) traffic or non-RTP traffic.
  - 3. The method of claim 1, wherein the acceptable range of time values is user configurable.
  - 4. The method of claim 1, further comprising:
    - determining a directionality of the first packet and a plurality of subsequent packets; and
      
      verifying that the directionality of the first packet matches the directionality of the plurality of subsequent packets.
  - 5. The method of claim 1, further comprising:
    - determining whether the subsequent packet exceeds a maximum number of packets to be analyzed.
  - 6. The method of claim 1, further comprising:
    - determining a payload type of the subsequent packet; and
      
      determining whether a payload length of the subsequent packet is within a range of payload length values associated with the payload type.
  - 7. The method of claim 1, further comprising:
    - responsive to determining that the second sequence number associated with the subsequent packet is outside of the range of sequence number values, increasing a number of samples to be analyzed prior to classifying traffic on the port.

8. A computer program product for classifying network traffic, the computer program product comprising a non-transitory computer-readable storage medium storing instructions that when executed cause at least one processor to:
- receive a first packet of network traffic on a port;
  
  determine a synchronization source identifier (SSRC) associated with the first packet and a first sequence number associated with the first packet;
  
  receive a subsequent packet of network traffic on the port;
  
  determine a synchronization source identifier (SSRC) and a second sequence number associated with the subsequent packet;
  
  determine whether the SSRC associated with the subsequent packet matches the SSRC associated with the first packet;
  
  determine whether the second sequence number associated with the subsequent packet is within a range of sequence number values, the range defined by (1) a first value greater than the first sequence number and (2) a second value less than the first sequence number, wherein a first difference between the first sequence number and the first value and a second difference between the first sequence number the second value are not equal;
  
  calculate an interval time between reception of the first packet and reception of the subsequent packet;
  
  determine whether the interval time is within a range of time values; and
  
  classify traffic on the port based on whether the SSRC associated with the first packet matches the SSRC associated with the subsequent packet, the second sequence number associated with the subsequent packet is within the range of sequence number values, and the interval time is within the range of time values.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8, wherein classifying traffic on the port comprises classifying traffic as Real-Time Transport Protocol (RTP) traffic or non-RTP traffic.
  - 10. The computer program product of claim 8, wherein a range of ports is automatically classified based on a configured preference.
  - 11. The computer program product of claim 8, further comprising:
    - determine a directionality of the first packet and a plurality of subsequent packets; and
      
      verify that the directionality of the first packet matches the directionality of the plurality of subsequent packets.
  - 12. The computer program product of claim 8, further comprising:
    - determine whether the subsequent packet exceeds a maximum number of packets to be analyzed.
  - 13. The computer program product of claim 8, further comprising:
    - determine a payload type of the subsequent packet; and
      
      determine whether a payload length of the subsequent packet is within a range of payload length values associated with the payload type.
  - 14. The computer program product of claim 8, further comprising:
    - responsive to determining that the second sequence number associated with the subsequent packet is outside of the range of sequence number values, increasing a number of samples to be analyzed prior to classifying traffic on the port.

15. A system for classifying network traffic, comprising:
- a non-transitory computer-readable storage medium storing executable computer program instructions comprising instructions for;
  
  receiving a first packet of network traffic on a port;
  
  determining a synchronization source identifier (SSRC) associated with the first packet and a first sequence number associated with the first packet;
  
  receiving a subsequent packet of network traffic on the port;
  
  determining a synchronization source identifier (SSRC) and a second sequence number associated with the subsequent packet;
  
  determining whether the SSRC associated with the subsequent packet matches the SSRC associated with the first packet;
  
  determining whether the second sequence number associated with the subsequent packet is within a range of sequence number, the range defined by (1) a first value greater than the first sequence number and (2) a second value less than the first sequence number, wherein a first difference between the first sequence number and the first value and a second difference between the first sequence number the second value are not equal;
  
  calculating an interval time between reception of the first packet and reception of the subsequent packet;
  
  determining whether the interval time is within a range of time values; and
  
  classifying traffic on the port based on whether the SSRC associated with the first packet matches the SSRC associated with the subsequent packet, the second sequence number associated with the subsequent packet is within the range of sequence number values, and the interval time is within the range of time values; and
  
  a processor for executing the computer program instructions.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein classifying traffic on the port comprises classifying traffic as Real-Time Transport Protocol (RTP) traffic or non-RTP traffic.
  - 17. The system of claim 15, wherein the acceptable range of time values is user configurable.
  - 18. The system of claim 15, further comprising instructions for:
    - determining a directionality of the first packet and a plurality of subsequent packets; and
      
      verifying that the directionality of the first packet matches the directionality of the plurality of subsequent packets.
  - 19. The system of claim 15, further comprising instructions for:
    - determining whether the subsequent packet exceeds a maximum number of packets to be analyzed.
  - 20. The system of claim 15, further comprising:
    - responsive to determining that the second sequence number associated with the subsequent packet is outside of the range of sequence number values, increasing a number of samples to be analyzed prior to classifying traffic on the port.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetScout Systems Incorporated
Original Assignee
NetScout Systems Incorporated
Inventors
Harrison, David Ronald
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Ghafoerkhan, Faiyazkhan

Application Number

US13/164,638
Publication Number

US 20120320767A1
Time in Patent Office

1,464 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 41/145   involving simulating, desig...

H04L 43/0852   Delays

H04L 43/12   Network monitoring probes

Performance optimized and configurable state based heuristic for the classification of real-time transport protocol traffic

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Performance optimized and configurable state based heuristic for the classification of real-time transport protocol traffic

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links