Correlating packets in communications networks
Abstract
A computing system may identify packets received by a network device from a host located in a first network and may generate log entries corresponding to the packets received by the network device. The computing system may identify packets transmitted by the network device to a host located in a second network and may generate log entries corresponding to the packets transmitted by the network device. Utilizing the log entries corresponding to the packets received by the network device and the log entries corresponding to the packets transmitted by the network device, the computing system may correlate the packets transmitted by the network device with the packets received by the network device.
207 Claims
1. A method comprising:
provisioning, by a computing system, a first tap with one or more rules configured to identify a plurality of packets received by a network device from a host located in a first network, wherein a communication path that interfaces the network device and the first network comprises the first tap;
provisioning, by the computing system, a second tap with one or more rules configured to identify a plurality of packets transmitted by the network device to a host located in a second network, wherein a communication path that interfaces the network device and the second network comprises the second tap;
provisioning, by the computing system, the first tap and the second tap with one or more rules specifying a set of network addresses and configured to cause the computing system to log packets destined for one or more network addresses in the set of network addresses;
identifying, by the computing system, the plurality of packets received by the network device;
generating, by the computing system, a plurality of log entries corresponding to the plurality of packets received by the network device;
identifying, by the computing system, the plurality of packets transmitted by the network device;
generating, by the computing system, a plurality of log entries corresponding to the plurality of packets transmitted by the network device;
correlating, by the computing system and based on the plurality of log entries corresponding to the plurality of packets received by the network device and the plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of packets transmitted by the network device with the plurality of packets received by the network device; and
responsive to correlating the plurality of packets transmitted by the network device with the plurality of packets received by the network device:
generating, by the computing system, data identifying the host located in the first network; and
communicating, by the computing system and to a device located in the first network, the data identifying the host located in the first network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21

22. A system comprising:
at least one processor; and
a memory storing instructions that when executed by the at least one processor cause the system to:
provision a device in a communication link interfacing a network device and a first network with one or more rules configured to identify a plurality of packets received by the network device from a host located in the first network;
provision a device in a communication link interfacing the network device and a second network with one or more rules configured to identify a plurality of packets transmitted by the network device to a host located in a second network;
provision the device in the communication link interfacing the network device and the first network and the device in the communication link interfacing the network device and the second network with one or more rules specifying a set of network addresses and configured to cause the system to log packets destined for one or more network addresses in the set of network addresses;
configure the device in the communication link interfacing the network device with the first network to:
identify the plurality of packets received by the network device;
generate a plurality of log entries corresponding to the plurality of packets received by the network device; and
communicate, to the system, the plurality of log entries corresponding to the plurality of packets received by the network device;
configure the device in the communication link interfacing the network device with the second network to:
identify the plurality of packets transmitted by the network device;
generate a plurality of log entries corresponding to the plurality of packets transmitted by the network device; and
communicate, to the system, the plurality of log entries corresponding to the plurality of packets transmitted by the network device;
correlate, based on the plurality of log entries corresponding to the plurality of packets received by the network device and the plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of packets transmitted by the network device with the plurality of packets received by the network device; and
responsive to correlating the plurality of packets transmitted by the network device with the plurality of packets received by the network device:
generate data identifying the host located in the first network; and
communicate, to a device located in the first network, the data identifying the host located in the first network.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42

43. One or more non-transitory computer-readable media comprising instructions that when executed by a computing system cause the computing system to:
provision a device in a communication link interfacing a network device and a first network with one or more rules configured to identify a plurality of packets received by the network device from a host located in the first network;
provision a device in a communication link interfacing the network device and a second network with one or more rules configured to identify a plurality of packets transmitted by the network device to a host located in a second network;
provision the device in the communication link interfacing the network device and the first network and the device in the communication link interfacing the network device and the second network with one or more rules specifying a set of network addresses and configured to cause the computing system to log packets destined for one or more network addresses in the set of network addresses;
configure the device in the communication link interfacing the network device with the first network to:
identify the plurality of packets received by the network device;
generate a plurality of log entries corresponding to the plurality of packets received by the network device; and
communicate, to the computing system, the plurality of log entries corresponding to the plurality of packets received by the network device;
configure the device in the communication link interfacing the network device with the second network to:
identify the plurality of packets transmitted by the network device;
generate a plurality of log entries corresponding to the plurality of packets transmitted by the network device; and
communicate, to the computing system, the plurality of log entries corresponding to the plurality of packets transmitted by the network device;
correlate, based on the plurality of log entries corresponding to the plurality of packets received by the network device and the plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of packets transmitted by the network device with the plurality of packets received by the network device; and
responsive to correlating the plurality of packets transmitted by the network device with the plurality of packets received by the network device:
generate data identifying the host located in the first network; and
communicate, to a device located in the first network, the data identifying the host located in the first network.
Dependent claims: 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63

64. A method comprising:
identifying, by a computing system, a plurality of packets received by a network device from a host located in a first network;
generating, by the computing system, a plurality of log entries corresponding to the plurality of packets received by the network device, the plurality of log entries corresponding to the plurality of packets received by the network device comprising a plurality of timestamps indicating times corresponding to receipt, by the network device, of the plurality of packets received by the network device;
identifying, by the computing system, a plurality of packets transmitted by the network device to a host located in a second network;
generating, by the computing system, a plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of log entries corresponding to the plurality of packets transmitted by the network device comprising a plurality of timestamps indicating times corresponding to transmission, by the network device, of the plurality of packets transmitted by the network device;
determining, by the computing system and for each timestamp of the plurality of timestamps indicating the times corresponding to transmission of the plurality of packets transmitted by the network device, that a difference between a time indicated by the timestamp and a time indicated by a timestamp of the plurality of timestamps indicating the times corresponding to receipt of the plurality of packets received by the network device is less than a threshold latency value for the network device;
correlating, by the computing system and based on the plurality of log entries corresponding to the plurality of packets received by the network device and the plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of packets transmitted by the network device with the plurality of packets received by the network device; and
responsive to correlating the plurality of packets transmitted by the network device with the plurality of packets received by the network device:
generating, by the computing system, data identifying the host located in the first network; and
communicating, by the computing system and to a device located in the first network, the data identifying the host located in the first network.
Dependent claims: 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75

76. A system comprising:
at least one processor; and
a memory storing instructions that when executed by the at least one processor cause the system to:
identify a plurality of packets received by a network device from a host located in a first network;
generate a plurality of log entries corresponding to the plurality of packets received by the network device, the plurality of log entries corresponding to the plurality of packets received by the network device comprising a plurality of timestamps indicating times corresponding to receipt, by the network device, of the plurality of packets received by the network device;
identify a plurality of packets transmitted by the network device to a host located in a second network;
generate a plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of log entries corresponding to the plurality of packets transmitted by the network device comprising a plurality of timestamps indicating times corresponding to transmission, by the network device, of the plurality of packets transmitted by the network device;
determine, for each timestamp of the plurality of timestamps indicating the times corresponding to transmission of the plurality of packets transmitted by the network device, that a difference between a time indicated by the timestamp and a time indicated by a timestamp of the plurality of timestamps indicating the times corresponding to receipt of the plurality of packets received by the network device is less than a threshold latency value for the network device;
correlate, based on the plurality of log entries corresponding to the plurality of packets received by the network device and the plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of packets transmitted by the network device with the plurality of packets received by the network device; and
responsive to correlating the plurality of packets transmitted by the network device with the plurality of packets received by the network device:
generate data identifying the host located in the first network; and
communicate, to a device located in the first network, the data identifying the host located in the first network.
Dependent claims: 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87

88. One or more non-transitory computer-readable media comprising instructions that when executed by a computing system cause the computing system to:
identify a plurality of packets received by a network device from a host located in a first network;
generate a plurality of log entries corresponding to the plurality of packets received by the network device, the plurality of log entries corresponding to the plurality of packets received by the network device comprising a plurality of timestamps indicating times corresponding to receipt, by the network device, of the plurality of packets received by the network device;
identify a plurality of packets transmitted by the network device to a host located in a second network;
generate a plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of log entries corresponding to the plurality of packets transmitted by the network device comprising a plurality of timestamps indicating times corresponding to transmission, by the network device, of the plurality of packets transmitted by the network device;
determine, for each timestamp of the plurality of timestamps indicating the times corresponding to transmission of the plurality of packets transmitted by the network device, that a difference between a time indicated by the timestamp and a time indicated by a timestamp of the plurality of timestamps indicating the times corresponding to receipt of the plurality of packets received by the network device is less than a threshold latency value for the network device;
correlate, based on the plurality of log entries corresponding to the plurality of packets received by the network device and the plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of packets transmitted by the network device with the plurality of packets received by the network device; and
responsive to correlating the plurality of packets transmitted by the network device with the plurality of packets received by the network device:
generate data identifying the host located in the first network; and
communicate, to a device located in the first network, the data identifying the host located in the first network.
Dependent claims: 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99

100. A method comprising:
identifying, by a computing system, a plurality of packets received by a network device from a host located in a first network;
generating, by the computing system, a plurality of log entries corresponding to the plurality of packets received by the network device, the plurality of log entries corresponding to the plurality of packets received by the network device comprising a plurality of timestamps indicating times corresponding to receipt, by the network device, of the plurality of packets received by the network device;
identifying, by the computing system, a plurality of packets transmitted by the network device to a host located in a second network;
generating, by the computing system, a plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of log entries corresponding to the plurality of packets transmitted by the network device comprising a plurality of timestamps indicating times corresponding to transmission, by the network device, of the plurality of packets transmitted by the network device;
determining, by the computing system, a plurality of latency values for the network device, wherein determining the plurality of latency values comprises determining, for each timestamp of a first portion of the plurality of timestamps indicating the times corresponding to transmission of the plurality of packets transmitted by the network device a difference between a time indicated by the timestamp and a time indicated by a timestamp of the plurality of timestamps indicating the times corresponding to receipt of the plurality of packets received by the network device;
determining, by the computing system and based on the plurality of latency values, a threshold latency value for the network device;
determining, by the computing system and for each timestamp of a second portion of the plurality of timestamps indicating the times corresponding to transmission of the plurality of packets transmitted by the network device that a difference between a time indicated by the timestamp and a time indicated by a timestamp of the plurality of timestamps indicating the times corresponding to receipt of the plurality of packets received by the network device is less than the threshold latency value for the network device;
correlating, by the computing system and based on the plurality of log entries corresponding to the plurality of packets received by the network device and the plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of packets transmitted by the network device with the plurality of packets received by the network device; and
responsive to correlating the plurality of packets transmitted by the network device with the plurality of packets received by the network device:
generating, by the computing system, data identifying the host located in the first network; and
communicating, by the computing system and to a device located in the first network, the data identifying the host located in the first network.
Dependent claims: 101, 102, 103, 104, 105, 106, 107, 108, 109, 110

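The timestamp-based correlation recited in claims 64 and 100, sketched as an added example that is not taken from the patent: a threshold latency is derived from a first portion of the tap logs, then used to pair transmitted with received entries in a second portion and name the internal hosts that reached a watched address. Assumptions: the network device is a source NAT that leaves destination address, port and protocol unchanged, the two tap clocks are synchronised, the threshold is twice the largest calibration latency, and every name, address and timestamp below is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LogEntry:
    ts_us: int          # tap timestamp in microseconds
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

def flow_key(e):
    # Assumption: the device rewrites only src/sport, so these fields survive it.
    return (e.dst, e.dport, e.proto)

def latency_samples(rx, tx):
    """For each transmitted entry, the delay since the closest earlier received
    entry with the same flow key (the latency values of claim 100)."""
    samples = []
    for t in tx:
        deltas = [t.ts_us - r.ts_us for r in rx
                  if flow_key(r) == flow_key(t) and r.ts_us <= t.ts_us]
        if deltas:
            samples.append(min(deltas))
    return samples

def threshold_from(samples, margin=2):
    # Assumption: threshold = margin * worst latency seen during calibration.
    if not samples:
        raise ValueError("no calibration pairs; cannot derive a threshold")
    return margin * max(samples)

def correlate(rx, tx, threshold_us):
    """Pair each transmitted entry with the oldest unused received entry that has
    the same flow key and precedes it by less than threshold_us.
    Returns (pairs, unmatched_tx); a pair is (rx_entry, tx_entry, ambiguous),
    ambiguous meaning several internal hosts fit inside the window."""
    rx_sorted = sorted(rx, key=lambda e: e.ts_us)
    used, pairs, unmatched = set(), [], []
    for t in sorted(tx, key=lambda e: e.ts_us):
        window = [i for i, r in enumerate(rx_sorted)
                  if flow_key(r) == flow_key(t)
                  and 0 <= t.ts_us - r.ts_us < threshold_us]
        free = [i for i in window if i not in used]
        if not free:
            unmatched.append(t)      # e.g. a missing rx log or device-originated packet
            continue
        used.add(free[0])
        ambiguous = len({rx_sorted[i].src for i in window}) > 1
        pairs.append((rx_sorted[free[0]], t, ambiguous))
    return pairs, unmatched

def hosts_for(pairs, watched):
    """Internal host -> (confident, ambiguous) counts of correlated packets
    whose destination is in the watched address set."""
    counts = {}
    for r, t, ambiguous in pairs:
        if t.dst in watched:
            ok, amb = counts.get(r.src, (0, 0))
            counts[r.src] = (ok, amb + 1) if ambiguous else (ok + 1, amb)
    return counts

# Constructed sample logs. NAT outside address: 203.0.113.1.
CAL_RX = [LogEntry(1_000_000, "10.0.0.5", 40001, "192.0.2.10", 443),
          LogEntry(1_200_000, "10.0.0.8", 40100, "192.0.2.20", 80),
          LogEntry(1_400_000, "10.0.0.5", 40001, "192.0.2.10", 443)]
CAL_TX = [LogEntry(1_000_180, "203.0.113.1", 61001, "192.0.2.10", 443),
          LogEntry(1_200_250, "203.0.113.1", 61002, "192.0.2.20", 80),
          LogEntry(1_400_210, "203.0.113.1", 61001, "192.0.2.10", 443)]
RX = [LogEntry(2_000_000, "10.0.0.23", 50522, "198.51.100.7", 443),
      LogEntry(2_000_100, "10.0.0.5", 40002, "192.0.2.10", 443),
      LogEntry(3_000_000, "10.0.0.23", 50523, "198.51.100.7", 443),
      LogEntry(3_000_050, "10.0.0.31", 51000, "198.51.100.7", 443)]
TX = [LogEntry(2_000_220, "203.0.113.1", 61010, "198.51.100.7", 443),
      LogEntry(2_000_330, "203.0.113.1", 61011, "192.0.2.10", 443),
      LogEntry(2_900_000, "203.0.113.1", 61012, "198.51.100.7", 443),
      LogEntry(3_000_200, "203.0.113.1", 61013, "198.51.100.7", 443),
      LogEntry(3_000_260, "203.0.113.1", 61014, "198.51.100.7", 443)]
WATCHED = {"198.51.100.7"}   # constructed address set, as in the claim 1 logging rule

def run_demo():
    threshold = threshold_from(latency_samples(CAL_RX, CAL_TX))
    pairs, unmatched = correlate(RX, TX, threshold)
    return threshold, pairs, unmatched, hosts_for(pairs, WATCHED)

if __name__ == "__main__":
    threshold, pairs, unmatched, hosts = run_demo()
    print("threshold (us):", threshold)
    print("hosts:", hosts, "unmatched tx:", [t.ts_us for t in unmatched])
```

The ambiguous count matters operationally: when two internal hosts send to the same destination inside one latency window, timestamps alone cannot say which translated packet belongs to which host, so those attributions need a second discriminator before anyone acts on them.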
111. A system comprising:
at least one processor; and
a memory storing instructions that when executed by the at least one processor cause the system to:
identify a plurality of packets received by a network device from a host located in a first network;
generate a plurality of log entries corresponding to the plurality of packets received by the network device, the plurality of log entries corresponding to the plurality of packets received by the network device comprising a plurality of timestamps indicating times corresponding to receipt, by the network device, of the plurality of packets received by the network device;
identify a plurality of packets transmitted by the network device to a host located in a second network;
generate a plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of log entries corresponding to the plurality of packets transmitted by the network device comprising a plurality of timestamps indicating times corresponding to transmission, by the network device, of the plurality of packets transmitted by the network device;
determine a plurality of latency values for the network device, wherein the plurality of latency values comprises, for each timestamp of a first portion of the plurality of timestamps indicating the times corresponding to transmission of the plurality of packets transmitted by the network device, a difference between a time indicated by the timestamp and a time indicated by a timestamp of the plurality of timestamps indicating the times corresponding to receipt of the plurality of packets received by the network device;
determine, based on the plurality of latency values, a threshold latency value for the network device;
determine, for each timestamp of a second portion of the plurality of timestamps indicating the times corresponding to transmission of the plurality of packets transmitted by the network device that a difference between a time indicated by the timestamp and a time indicated by a timestamp of the plurality of timestamps indicating the times corresponding to receipt of the plurality of packets received by the network device is less than the threshold latency value for the network device;
correlate, based on the plurality of log entries corresponding to the plurality of packets received by the network device and the plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of packets transmitted by the network device with the plurality of packets received by the network device; and
responsive to correlating the plurality of packets transmitted by the network device with the plurality of packets received by the network device:
generate data identifying the host located in the first network; and
communicate, to a device located in the first network, the data identifying the host located in the first network.
Dependent claims: 112, 113, 114, 115, 116, 117, 118, 119, 120, 121

122. One or more non-transitory computer-readable media comprising instructions that when executed by a computing system cause the computing system to:
identify a plurality of packets received by a network device from a host located in a first network;
generate a plurality of log entries corresponding to the plurality of packets received by the network device, the plurality of log entries corresponding to the plurality of packets received by the network device comprising a plurality of timestamps indicating times corresponding to receipt, by the network device, of the plurality of packets received by the network device;
identify a plurality of packets transmitted by the network device to a host located in a second network;
generate a plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of log entries corresponding to the plurality of packets transmitted by the network device comprising a plurality of timestamps indicating times corresponding to transmission, by the network device, of the plurality of packets transmitted by the network device;
determine a plurality of latency values for the network device, wherein the plurality of latency values comprises, for each timestamp of a first portion of the plurality of timestamps indicating the times corresponding to transmission of the plurality of packets transmitted by the network device, a difference between a time indicated by the timestamp and a time indicated by a timestamp of the plurality of timestamps indicating the times corresponding to receipt of the plurality of packets received by the network device;
determine, based on the plurality of latency values, a threshold latency value for the network device;
determine, for each timestamp of a second portion of the plurality of timestamps indicating the times corresponding to transmission of the plurality of packets transmitted by the network device that a difference between a time indicated by the timestamp and a time indicated by a timestamp of the plurality of timestamps indicating the times corresponding to receipt of the plurality of packets received by the network device is less than the threshold latency value for the network device;
correlate, based on the plurality of log entries corresponding to the plurality of packets received by the network device and the plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of packets transmitted by the network device with the plurality of packets received by the network device; and
responsive to correlating the plurality of packets transmitted by the network device with the plurality of packets received by the network device:
generate data identifying the host located in the first network; and
communicate, to a device located in the first network, the data identifying the host located in the first network.
Dependent claims: 123, 124, 125, 126, 127, 128, 129, 130, 131, 132

133. A method comprising:
identifying, by a computing system, a plurality of packets received by a proxy device from a host located in a first network, the proxy device being configured to receive requests, for data from a host located in a second network, transmitted by the host located in the first network, and the proxy device being configured to generate requests corresponding to the requests transmitted by the host located in the first network and configured to cause the host located in the second network to transmit, to the proxy device, the data from the host located in the second network;
generating, by the computing system, a plurality of log entries corresponding to the plurality of packets received by the proxy device;
identifying, by the computing system, a plurality of packets transmitted by the proxy device to the host located in the second network;
generating, by the computing system, a plurality of log entries corresponding to the plurality of packets transmitted by the proxy device;
correlating, by the computing system and based on the plurality of log entries corresponding to the plurality of packets received by the proxy device, the plurality of log entries corresponding to the plurality of packets transmitted by the proxy device, and a comparison of data from the requests transmitted by the host located in the first network with data from the requests corresponding to the requests transmitted by the host located in the first network, the plurality of packets transmitted by the proxy device with the plurality of packets received by the proxy device; and
responsive to correlating the plurality of packets transmitted by the proxy device with the plurality of packets received by the proxy device:
generating, by the computing system, data identifying the host located in the first network; and
communicating, by the computing system and to a device located in the first network, the data identifying the host located in the first network.
Dependent claims: 134, 135, 136, 137, 138, 139, 140, 141

142. A system comprising:
at least one processor; and
a memory storing instructions that when executed by the at least one processor cause the system to:
identify a plurality of packets received by a proxy device from a host located in a first network, the proxy device being configured to receive requests, for data from a host located in a second network, transmitted by the host located in the first network, and the proxy device being configured to generate requests corresponding to the requests transmitted by the host located in the first network and configured to cause the host located in the second network to transmit, to the proxy device, the data from the host located in the second network;
generate a plurality of log entries corresponding to the plurality of packets received by the proxy device;
identify a plurality of packets transmitted by the proxy device to the host located in the second network;
generate a plurality of log entries corresponding to the plurality of packets transmitted by the proxy device;
correlate, based on the plurality of log entries corresponding to the plurality of packets received by the proxy device, the plurality of log entries corresponding to the plurality of packets transmitted by the proxy device, and a comparison of data from the requests transmitted by the host located in the first network with data from the requests corresponding to the requests transmitted by the host located in the first network, the plurality of packets transmitted by the proxy device with the plurality of packets received by the proxy device; and
responsive to correlating the plurality of packets transmitted by the proxy device with the plurality of packets received by the proxy device:
generate data identifying the host located in the first network; and
communicate, to a device located in the first network, the data identifying the host located in the first network.
Dependent claims: 143, 144, 145, 146, 147, 148, 149, 150

151. One or more non-transitory computer-readable media comprising instructions that when executed by a computing system cause the computing system to:
identify a plurality of packets received by a proxy device from a host located in a first network, the proxy device being configured to receive requests, for data from a host located in a second network, transmitted by the host located in the first network, and the proxy device being configured to generate requests corresponding to the requests transmitted by the host located in the first network and configured to cause the host located in the second network to transmit, to the proxy device, the data from the host located in the second network;
generate a plurality of log entries corresponding to the plurality of packets received by the proxy device;
identify a plurality of packets transmitted by the proxy device to the host located in the second network;
generate a plurality of log entries corresponding to the plurality of packets transmitted by the proxy device;
correlate, based on the plurality of log entries corresponding to the plurality of packets received by the proxy device, the plurality of log entries corresponding to the plurality of packets transmitted by the proxy device, and a comparison of data from the requests transmitted by the host located in the first network with data from the requests corresponding to the requests transmitted by the host located in the first network, the plurality of packets transmitted by the proxy device with the plurality of packets received by the proxy device; and
responsive to correlating the plurality of packets transmitted by the proxy device with the plurality of packets received by the proxy device:
generate data identifying the host located in the first network; and
communicate, to a device located in the first network, the data identifying the host located in the first network.
Dependent claims: 152, 153, 154, 155, 156, 157, 158, 159

160. A method comprising:
identifying, by a computing system, a plurality of packets received by a gateway device from a host located in a first network, the gateway device being configured to receive, from the host located in the first network, data destined for a host located in a second network, and the gateway device being configured to generate one or more packets, destined for the host located in the second network, encapsulating the data destined for the host located in the second network;
generating, by the computing system, a plurality of log entries corresponding to the plurality of packets received by the gateway device;
identifying, by the computing system, a plurality of packets transmitted by the gateway device to the host located in the second network;
generating, by the computing system, a plurality of log entries corresponding to the plurality of packets transmitted by the gateway device;
correlating, by the computing system and based on the plurality of log entries corresponding to the plurality of packets received by the gateway device, the plurality of log entries corresponding to the plurality of packets transmitted by the gateway device, and a comparison of at least a portion of the data destined for the host located in the second network with data from the one or more packets encapsulating the data destined for the host located in the second network, the plurality of packets transmitted by the gateway device with the plurality of packets received by the gateway device; and
responsive to correlating the plurality of packets transmitted by the gateway device with the plurality of packets received by the gateway device;
generating, by the computing system, data identifying the host located in the first network; and
communicating, by the computing system and to a device located in the first network, the data identifying the host located in the first network.
169. A system comprising:
at least one processor; and
a memory storing instructions that when executed by the at least one processor cause the system to:
identify a plurality of packets received by a gateway device from a host located in a first network, the gateway device being configured to receive, from the host located in the first network, data destined for a host located in a second network, and the gateway device being configured to generate one or more packets, destined for the host located in the second network, encapsulating the data destined for the host located in the second network;
generate a plurality of log entries corresponding to the plurality of packets received by the gateway device;
identify a plurality of packets transmitted by the gateway device to the host located in the second network;
generate a plurality of log entries corresponding to the plurality of packets transmitted by the gateway device;
correlate, based on the plurality of log entries corresponding to the plurality of packets received by the gateway device, the plurality of log entries corresponding to the plurality of packets transmitted by the gateway device, and a comparison of at least a portion of the data destined for the host located in the second network with data from the one or more packets encapsulating the data destined for the host located in the second network, the plurality of packets transmitted by the gateway device with the plurality of packets received by the gateway device; and
responsive to correlating the plurality of packets transmitted by the gateway device with the plurality of packets received by the gateway device;
generate data identifying the host located in the first network; and
communicate, to a device located in the first network, the data identifying the host located in the first network.
178. One or more non-transitory computer-readable media comprising instructions that when executed by a computing system cause the computing system to:
identify a plurality of packets received by a gateway device from a host located in a first network, the gateway device being configured to receive, from the host located in the first network, data destined for a host located in a second network, and the gateway device being configured to generate one or more packets, destined for the host located in the second network, encapsulating the data destined for the host located in the second network;
generate a plurality of log entries corresponding to the plurality of packets received by the gateway device;
identify a plurality of packets transmitted by the gateway device to the host located in the second network;
generate a plurality of log entries corresponding to the plurality of packets transmitted by the gateway device;
correlate, based on the plurality of log entries corresponding to the plurality of packets received by the gateway device, the plurality of log entries corresponding to the plurality of packets transmitted by the gateway device, and a comparison of at least a portion of the data destined for the host located in the second network with data from the one or more packets encapsulating the data destined for the host located in the second network, the plurality of packets transmitted by the gateway device with the plurality of packets received by the gateway device; and
responsive to correlating the plurality of packets transmitted by the gateway device with the plurality of packets received by the gateway device;
generate data identifying the host located in the first network; and
communicate, to a device located in the first network, the data identifying the host located in the first network.
187. A method comprising:
identifying, by a computing system, a plurality of packets received by a network device from a host located in a first network;
generating, by the computing system, a plurality of log entries corresponding to the plurality of packets received by the network device;
identifying, by the computing system, a plurality of packets transmitted by the network device to a host located in a second network;
generating, by the computing system, a plurality of log entries corresponding to the plurality of packets transmitted by the network device;
correlating, by the computing system and based on the plurality of log entries corresponding to the plurality of packets received by the network device and the plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of packets transmitted by the network device with the plurality of packets received by the network device;
responsive to correlating the plurality of packets transmitted by the network device with the plurality of packets received by the network device;
generating, by the computing system, one or more rules configured to identify packets received from the host located in the first network; and
provisioning, by the computing system, a packet-filtering device in a communication path that interfaces the network device and the first network with the one or more rules configured to identify packets received from the host located in the first network; and
identifying, by the packet-filtering device and based on the one or more rules configured to identify packets received from the host located in the first network, at least one packet received from the host located in the first network; and
responsive to identifying the at least one packet received from the host located in the first network, dropping, by the packet-filtering device, the at least one packet received from the host located in the first network.
194. A system comprising:
at least one processor; and
a memory storing instructions that when executed by the at least one processor cause the system to:
identify a plurality of packets received by a network device from a host located in a first network;
generate a plurality of log entries corresponding to the plurality of packets received by the network device;
identify a plurality of packets transmitted by the network device to a host located in a second network;
generate a plurality of log entries corresponding to the plurality of packets transmitted by the network device;
correlate, based on the plurality of log entries corresponding to the plurality of packets received by the network device and the plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of packets transmitted by the network device with the plurality of packets received by the network device; and
responsive to correlating the plurality of packets transmitted by the network device with the plurality of packets received by the network device;
generate one or more rules configured to identify packets received from the host located in the first network;
provision a packet-filtering device in a communication path that interfaces the network device and the first network with the one or more rules configured to identify packets received from the host located in the first network; and
configure the packet-filtering device to:
identify, based on the one or more rules configured to identify packets received from the host located in the first network, at least one packet received from the host located in the first network; and
responsive to identifying the at least one packet received from the host located in the first network, drop the at least one packet received from the host located in the first network.
201. One or more non-transitory computer-readable media comprising instructions that when executed by a computing system cause the computing system to:
identify a plurality of packets received by a network device from a host located in a first network;
generate a plurality of log entries corresponding to the plurality of packets received by the network device;
identify a plurality of packets transmitted by the network device to a host located in a second network;
generate a plurality of log entries corresponding to the plurality of packets transmitted by the network device;
correlate, based on the plurality of log entries corresponding to the plurality of packets received by the network device and the plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of packets transmitted by the network device with the plurality of packets received by the network device; and
responsive to correlating the plurality of packets transmitted by the network device with the plurality of packets received by the network device;
generate one or more rules configured to identify packets received from the host located in the first network;
provision a packet-filtering device in a communication path that interfaces the network device and the first network with the one or more rules configured to identify packets received from the host located in the first network; and
configure the packet-filtering device to:
identify, based on the one or more rules configured to identify packets received from the host located in the first network, at least one packet received from the host located in the first network; and
responsive to identifying the at least one packet received from the host located in the first network, drop the at least one packet received from the host located in the first network.
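The proxy claims (correlation by comparing request data on both sides of the device) and the rule-generation claims 187 to 207 can be illustrated with a short sketch. This is an added example, not code from the patent or its assignee; the log-entry fields, the 0.5-second matching window, the rule format and all addresses are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict, deque

def request_key(payload: bytes) -> str:
    """Digest of the request data a proxy preserves: method, Host and path."""
    head = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    method, target, _ = head[0].split(b" ", 2)
    if target.startswith(b"http://"):  # absolute-form, as sent to a forward proxy
        target = b"/" + target[7:].partition(b"/")[2]
    host = next((l.split(b":", 1)[1].strip().lower() for l in head[1:]
                 if l.lower().startswith(b"host:")), b"")
    return hashlib.sha256(b" ".join((method, host, target))).hexdigest()

def log_entry(ts, src, dst, payload):
    """One log entry per packet seen at a tap (field names are assumptions)."""
    return {"ts": ts, "src": src, "dst": dst, "key": request_key(payload)}

def correlate(ingress, egress, window=0.5):
    """Pair each egress entry with the oldest unmatched ingress entry that has the
    same request data and was logged at most `window` seconds before it."""
    pending = defaultdict(deque)
    for e in sorted(ingress, key=lambda e: e["ts"]):
        pending[e["key"]].append(e)
    pairs = []
    for out in sorted(egress, key=lambda e: e["ts"]):
        q = pending[out["key"]]
        while q and out["ts"] - q[0]["ts"] > window:  # too old to be the cause
            q.popleft()
        if q and q[0]["ts"] <= out["ts"]:
            pairs.append((q.popleft(), out))
    return pairs

def hosts_reaching(pairs, watched):
    """First-network hosts whose requests left the proxy toward a watched address."""
    return sorted({i["src"] for i, o in pairs if o["dst"] in watched})

def drop_rules(hosts):
    """Generic rule records for a packet filter on the first-network side."""
    return [{"action": "drop", "src": h} for h in hosts]

def req(target, host):
    return b"GET %s HTTP/1.1\r\nHost: %s\r\n\r\n" % (target, host)

# Constructed sample: the proxy listens on 10.0.0.1 and sends from 192.0.2.10.
INGRESS = [log_entry(1.00, "10.0.0.5", "10.0.0.1", req(b"http://bad.example/beacon", b"bad.example")),
           log_entry(1.20, "10.0.0.9", "10.0.0.1", req(b"http://ok.example/index", b"ok.example")),
           log_entry(9.00, "10.0.0.9", "10.0.0.1", req(b"http://bad.example/beacon", b"bad.example"))]
EGRESS = [log_entry(1.05, "192.0.2.10", "203.0.113.20", req(b"/beacon", b"bad.example")),
          log_entry(1.25, "192.0.2.10", "198.51.100.7", req(b"/index", b"ok.example"))]
PAIRS = correlate(INGRESS, EGRESS)
SUSPECTS = hosts_reaching(PAIRS, {"203.0.113.20"})
```

The ingress entry at 9.00 has no egress counterpart inside the window, so 10.0.0.9 is not attributed to the watched destination even though it sent the same request data.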
Specification