Method, apparatus and system for filtering captured network traffic

US 9,148,358 B2
Filed: 10/05/2010
Issued: 09/29/2015
Est. Priority Date: 10/05/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving instructions, at a network captured traffic distribution device communicatively coupled to a plurality of network captured network traffic distribution devices arranged in a stacked topology in which the network captured traffic distribution device exchanges configuration information with at least one of the plurality of network captured traffic distribution devices, to filter received captured network traffic according to one or more criterion, the captured network traffic being a copy of the network traffic flowing through a communication network to a first target destination;

receiving captured network traffic by the network captured network traffic distribution device from at least one of an inline traffic capture point and a minor port;

filtering in accordance with the configuration information, by the network captured network traffic distribution device, the received captured network traffic responsively to the received instructions, wherein the received instructions include a criterion used to filter the received captured network traffic;

generating, by the network captured traffic distribution device, a plurality of filtered captured network traffic sets from the filtered captured network traffic;

determining, by the network captured network traffic distribution device, a second target destination of each filtered captured network traffic set;

determining, by the network captured traffic distribution device, filtered captured network traffic sets of the plurality of filtered captured network traffic sets that have a same second target destination;

aggregating, by the network captured traffic distribution device, the filtered captured network traffic sets determined to have the same second target destination; and

transmitting, by the network captured network traffic distribution device, the aggregated filtered captured network traffic sets toward the second target destination determined for the aggregated filtered captured network traffic sets.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, computer-readable media, and devices for filtering captured network traffic received by a network captured traffic distribution device communicatively coupled to a plurality of network captured network traffic distribution devices arranged in a stacked topology are described. Methods, systems, computer-readable media, and devices for applying a plurality of filters to received captured network traffic by a network captured traffic distribution device communicatively coupled to a plurality of network captured network traffic distribution devices arranged in a stacked topology are also described. Applying a plurality of filters to the received captured traffic may generate a plurality of filtered captured traffic sets. In some instances, filtered captured network traffic sets that have similar target destinations may be aggregated together and transmitted toward the target destination.

40 Citations

View as Search Results

18 Claims

1. A method comprising:
- receiving instructions, at a network captured traffic distribution device communicatively coupled to a plurality of network captured network traffic distribution devices arranged in a stacked topology in which the network captured traffic distribution device exchanges configuration information with at least one of the plurality of network captured traffic distribution devices, to filter received captured network traffic according to one or more criterion, the captured network traffic being a copy of the network traffic flowing through a communication network to a first target destination;
  
  receiving captured network traffic by the network captured network traffic distribution device from at least one of an inline traffic capture point and a minor port;
  
  filtering in accordance with the configuration information, by the network captured network traffic distribution device, the received captured network traffic responsively to the received instructions, wherein the received instructions include a criterion used to filter the received captured network traffic;
  
  generating, by the network captured traffic distribution device, a plurality of filtered captured network traffic sets from the filtered captured network traffic;
  
  determining, by the network captured network traffic distribution device, a second target destination of each filtered captured network traffic set;
  
  determining, by the network captured traffic distribution device, filtered captured network traffic sets of the plurality of filtered captured network traffic sets that have a same second target destination;
  
  aggregating, by the network captured traffic distribution device, the filtered captured network traffic sets determined to have the same second target destination; and
  
  transmitting, by the network captured network traffic distribution device, the aggregated filtered captured network traffic sets toward the second target destination determined for the aggregated filtered captured network traffic sets.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the determination of the second target destination of each filtered captured network traffic set is based on the criterion used to filter the received captured network traffic.
  - 3. The method of claim 1, wherein the network captured traffic distribution device includes a plurality of input ports and the received instructions include applying a filter to all captured network traffic received via an input port of the plurality of input ports.
  - 4. The method of claim 1, further comprising:
    - transmitting the received filtering instructions from the network captured traffic distribution device to at least one additional network captured traffic distribution device included in the stacked topology.
  - 5. The method of claim 1, wherein the instructions are received via a graphic user interface (GUI).
  - 6. The method of claim 1, wherein the second target destination is at least one of a monitoring device, a protocol analyzer, a flight recorder, an intrusion detection system, a media analyzer, a signaling analyzer, a web analyzer, a database analyzer, a voice signaling analyzer, an Internet protocol television (IPTV) analyzer, an application analyzer, a voice analyzer, and a forensic analyzer.
  - 7. The method of claim 1, wherein the received network traffic is received via at least one of a traffic capture device positioned at a traffic capture point located between two communication nodes and a minor port of a network switch.

8. A method comprising:
- receiving captured network traffic from at least one of an inline traffic capture point and a mirror port at a network captured traffic distribution device communicatively coupled to a plurality of network captured network traffic distribution devices arranged in a stacked topology in which the network captured traffic distribution device exchanges configuration information with at least one of the plurality of network captured traffic distribution devices, the captured network traffic being a copy of the network traffic flowing through a communication network to a first target destination;
  
  applying, by the network captured traffic distribution device, a plurality of filters to the captured network traffic according to a criterion indicated by the configuration information;
  
  generating, by the network captured traffic distribution device, a plurality of filtered captured network traffic sets from the filtered captured network traffic;
  
  determining, by the network captured network traffic distribution device, a second target destination of each filtered captured network traffic set;
  
  determining, by the network captured traffic distribution device, filtered captured network traffic sets of the plurality of filtered captured network traffic sets that have a same second target destination;
  
  aggregating, by the network captured traffic distribution device, the filtered captured network traffic sets determined to have the same second target destination; and
  
  transmitting, by the network captured traffic distribution device, the aggregated filtered captured network traffic sets toward the second target destination determined for the aggregated filtered captured network traffic sets.
- View Dependent Claims (9, 10)
- - 9. The method of claim 8, wherein the second target destination is at least one of a monitoring device, a protocol analyzer, a flight recorder, an intrusion detection system, a media analyzer, a signaling analyzer, a web analyzer, a database analyzer, a voice signaling analyzer, an Internet protocol television (IPTV) analyzer, an application analyzer, a voice analyzer, and a forensic analyzer.
  - 10. The method of claim 8, wherein the received network traffic is received via at least one of a traffic capture device positioned at a traffic capture point located between two communication nodes and a minor port of a network switch.

11. An apparatus comprising:
- a plurality of bi-directional ports configured to receive instructions to filter received captured network traffic according to one or more criteria, the instructions being at least one of included in configuration data and received from a user, and perform at least one of receiving captured network traffic from at least one of an inline traffic capture point and a mirror port, the captured network traffic being a copy of the network traffic flowing through a communication network to a first target destination and echoing received captured network traffic to one or more of the plurality of bi-directional ports;
  
  an egress port configured to transmit received captured network traffic to an external device;
  
  a stacking port configured to enable, via a communication link, the stacking of the network captured traffic distribution device with at least one additional network captured traffic distribution device in a stacked topology wherein the stacking includes an exchange of the configuration information between the network captured traffic distribution device and the additional network captured traffic distribution device; and
  
  a processor configured to filter, in accordance with the received instructions, the received captured network traffic responsively to the received instructions, wherein the received instructions include a criterion used to filter the received captured network traffic, the processor further configured to generate a plurality of filtered captured network traffic sets from the filtered captured network traffic, determine a second target destination of each filtered captured network traffic set, determine filtered captured network traffic sets of the plurality of filtered captured network traffic sets that have a same second target destination, aggregate the filtered captured network traffic sets determined to have the same second target destination, and and manage distribution of the aggregated filtered captured network traffic sets toward the second target destination determined for the aggregated filtered captured network traffic sets.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The apparatus of claim 11, wherein the stacking port is configured to enable the network captured traffic distribution device to be stacked in at least one of a ring topology, a mesh topology, a star topology, a topology of single links, a topology of multiple links, a topology including one or more redundant links, and some combination thereof.
  - 13. The apparatus of claim 11, wherein at least one of the bi-directional ports, the egress port, and the stacking port is compatible with at least one of a 10/100 Ethernet cable, a 1 gigabit Ethernet cable, a 10 gigabit Ethernet cable, a copper cable, and a fiber cable.
  - 14. The apparatus of claim 11, wherein the processor is further configured to enable peer-to-peer communication between the network captured traffic distribution device and the additional stacked network captured traffic distribution device.
  - 15. The apparatus of claim 11, wherein the processor is further configured to manage distribution of received captured network traffic through the stacked topology.
  - 16. The apparatus of claim 11, further comprising:
    - an application specific integrated circuit configured to distribute the captured traffic through the network captured traffic distribution device.
  - 17. The apparatus of claim 11, wherein the configuration information includes instructions regarding at least one of determining based on performance of an analysis or a calculation unrelated to a route to the first target destination a second target destination for received captured network traffic, pre-calculating at least one route for the transmission of received captured network traffic from an origin through the stacked topology to the second target destination, determining an optimum route for the transmission of captured network traffic from an origin through the stacked topology to the second target destination, load balancing a distribution of received captured traffic through the stacked topology, load spreading a distribution of received captured traffic through the stacked topology, grooming received captured network traffic, filtering received network traffic transmitted through the stacked topology according to a criterion, aggregating received network traffic transmitted through the stacked topology, and evaluating a current operating condition of the stacked topology.
  - 18. The apparatus of claim 11, wherein the stacking port is a monitor port.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetScout Systems Incorporated
Original Assignee
VSS Monitoring Incorporated (NetScout Systems Incorporated)
Inventors
Breslin, Terence M., Kucharczyk, David, Hinshaw, Jan Allen
Primary Examiner(s)
Nguyen, Thuong

Application Number

US12/898,572
Publication Number

US 20110087772A1
Time in Patent Office

1,820 Days
Field of Search

709/224, 709/233, 370/389, 370/351
US Class Current

1/1
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 41/0816   the condition being an adap...

H04L 41/12   Discovery or management of ...

H04L 41/122   of virtualised topologies, ...

H04L 43/028   by filtering

H04L 43/045   for graphical visualisation...

H04L 43/12   Network monitoring probes

H04L 45/00   Routing or path finding of ...

Method, apparatus and system for filtering captured network traffic

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method, apparatus and system for filtering captured network traffic

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links