Dedicated network interface

US 9,455,896 B2
Filed: 01/17/2008
Issued: 09/27/2016
Est. Priority Date: 07/23/2007
Status: Active Grant

First Claim

Patent Images

1. A method of recording computer communications, comprising:

receiving, by a transport layer of a recording computer, a first IP packet directed to a recording network interface of the recording computer, wherein the transport layer receives the first IP packet from a recording network interface of the recording computer;

allocating, by the transport layer of the recording computer, the first IP packet to a first recording stream of packets based only upon examining a single value located at a first fixed offset in the first IP packet, wherein the single value located at the first fixed offset in the first IP packet is a destination port number; and

wherein the allocation is performed without testing a protocol type field of the first IP packet; and

storing at the recording computer at least a portion of the first IP packet associated with the first recording stream of packets.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer communications that are to be recorded are visible to a network interface on a recording computer. The network interface receives the packets to be recorded. The network layer of the recording computer implements a subset of the normal IP module in the network layer. Instead of checking every IP packet, the IP module in the network layer assumes that most IP packets are correctly addressed, internally consistent and of the expected protocol type. The recording computer allocates the received packets to a recording session based upon the value of a field that is at a fixed position within the packet. Packets that are allocated to a session are recorded or associated with other packets that have been allocated to the same session.

Citations

22 Claims

1. A method of recording computer communications, comprising:
- receiving, by a transport layer of a recording computer, a first IP packet directed to a recording network interface of the recording computer, wherein the transport layer receives the first IP packet from a recording network interface of the recording computer;
  
  allocating, by the transport layer of the recording computer, the first IP packet to a first recording stream of packets based only upon examining a single value located at a first fixed offset in the first IP packet, wherein the single value located at the first fixed offset in the first IP packet is a destination port number; and
  
  wherein the allocation is performed without testing a protocol type field of the first IP packet; and
  
  storing at the recording computer at least a portion of the first IP packet associated with the first recording stream of packets.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - receiving, by the transport layer of the recording computer, a second IP packet directed to the recording network interface of the recording computer;
      
      allocating, by the transport layer of the recording computer, the second IP packet to a second recording stream of packets based only upon examining a single value located at the first fixed offset in the second IP packet, wherein the single value located at the first fixed offset in the second IP packet is a destination port number of the second IP packet; and
      
      wherein the allocation is performed without testing a protocol type field of the first IP packet; and
      
      storing at the recording computer at least a portion of the second IP packet associated with the second recording stream of packets.
  - 3. The method of claim 1, further comprising:
    - checking the second IP packet for an indication that storing of the second recording stream of packets should be stopped; and
      
      stopping storing the second recording stream of packets if the checking of the second IP packet indicates that storing of the second recording stream of packets should be stopped.
  - 4. The method of claim 1, wherein the first IP packet is also a UDP packet and the single value located at the first fixed offset within the first IP packet is a UDP port number.
  - 5. The method of claim 1, further comprising:
    - checking the second IP packet to determine that a Denial of Service attack (DoS) is being directed against the destination port of the second IP packet; and
      
      directing the transport layer to stop allocating packets directed to the destination port of the second IP packet.

6. A system of recording computer communications, comprising:
- a recording computer comprising a network interface, a packet allocator, and a packet store;
  
  wherein the network interface receives a plurality of IP packets to be recorded;
  
  wherein the packet allocator allocates the plurality of IP packets to a first recording stream based only upon examination of a single value located at a first fixed offset in each of the plurality of IP packets;
  
  wherein the single value located at the first fixed offset in each of the plurality of IP packets is a destination port number; and
  
  wherein the allocation is performed without testing a protocol type field of the plurality of IP packets;
  
  wherein the packet allocator is part of a transport layer of the recording computer; and
  
  wherein the packet storage stores the first recording stream.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The system of claim 6, wherein the recording computer further comprises:
    - a packet checker that checks a subset of the plurality of IP packets for an indication that storing of the first recording stream should be stopped.
  - 8. The system of claim 6, wherein the recording computer further comprises:
    - a packet pool of preformatted packets, wherein the preformatted packets are transmitted to a network interface at predetermined intervals.
  - 9. The system of claim 8, wherein the packet pools correspond to silent audio.
  - 10. The system of claim 8, wherein the packet pools correspond to a beep tone.
  - 11. The system of claim 6, further comprising:
    - a packet checker that checks a subset of the plurality of IP packets to determine that a Denial of Service attack (DoS) is being directed against the destination port of the plurality of packets and directs the packet allocator to stop allocating packets directed to the destination port of the plurality of packets.

12. A non-transitory computer readable medium having instructions stored thereon for recording computer communications that, when executed by a recording computer, direct the recording computer to:
- receive, by a transport layer of the recording computer, a first IP packet directed to a recording network interface of the recording computer, wherein the transport layer receives the first IP packet from a recording network interface of the recording computer;
  
  allocate, by the transport layer of the recording computer, the first IP packet to a first recording stream of packets based only upon examination of a single value located at a first fixed offset in the first IP packet, wherein the single value located at the first fixed offset in the first IP packet is a destination port number; and
  
  wherein the allocation is performed without testing a protocol type field of the first IP packet; and
  
  store at the recording computer at least a portion of the first IP packet associated with the first recording stream of packets.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The non-transitory computer readable medium of claim 12 wherein the instructions, when executed by the recording computer, further direct the recording computer to:
    - receive, by the transport layer of the recording computer, a second IP packet directed to the recording network interface of the recording computer;
      
      allocate, by the transport layer of the recording computer, the second IP packet to a second recording stream of packets based only upon examining a single value located at the first fixed offset in the second IP packet, wherein the single value located at the first fixed offset in the second IP packet is a destination port number of the second IP packet; and
      
      wherein the allocation is performed without testing a protocol type field of the second IP packet; and
      
      store at the recording computer at least a portion of the second IP packet associated with the second recording stream of packets.
  - 14. The non-transitory computer readable medium of claim 13, wherein the instructions, when executed by the recording computer, further direct the recording computer to:
    - check the second IP packet for an indication that storing of the second recording stream of packets should be stopped; and
      
      stop storing the second recording stream of packets if the checking of the second IP packet indicates that storing of the second recording stream of packets should be stopped.
  - 15. The non-transitory computer readable medium of claim 14 wherein the instructions, when executed by the recording computer, further direct the recording computer to:
    - pre-format a block of transmit packets; and
      
      transmit the block of transmit packets at predetermined intervals.
  - 16. The non-transitory computer readable medium of claim 15, wherein the block of transmit packets corresponds to silence.
  - 17. The non-transitory computer readable medium of claim 12 wherein the instructions, when executed by the recording computer, further direct the recording computer to:
    - check the second IP packet for an indication that storing of the first recording stream of packets should be stopped; and
      
      stop storing the first recording stream of packets if the checking the second IP packet indicates that storing of the first recording stream of packets should be stopped.
  - 18. The non-transitory computer readable medium of claim 12 wherein the instructions, when executed by the recording computer, further direct the recording computer to:
    - pre-format a block of transmit packets; and
      
      transmit the block of transmit packets at predetermined intervals.
  - 19. The non-transitory computer readable medium of claim 18, wherein the block of transmit packets correspond to silence.
  - 20. The non-transitory computer readable medium of claim 18, wherein the block of transmit packets correspond to a tone.
  - 21. The non-transitory computer readable medium of claim 12 wherein the first IP packet is also a UDP packet and the single value located at the first fixed offset within the first IP packet is a UDP port number.
  - 22. The non-transitory computer readable medium of claim 12 wherein the instructions, when executed by the computer system, further direct the computer system to:
    - check the second IP packet to determine that a Denial of Service attack (DoS) is being directed against the destination port of the second IP packet; and
      
      direct the transport layer to stop allocating packets directed to the destination port of the second IP packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verint Systems Incorporated
Original Assignee
Verint Americas Incorporated (Verint Systems Incorporated)
Inventors
Blair, Christopher Douglas
Primary Examiner(s)
Lee, Jae Y
Assistant Examiner(s)
TRAN, THINH D

Application Number

US12/015,621
Publication Number

US 20090028144A1
Time in Patent Office

3,176 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 43/12   Network monitoring probes

H04L 43/18   Protocol analysers

H04L 63/0227   Filtering policies mail mes...

H04L 63/306   intercepting packet switche...

H04L 69/326   in the transport layer [OSI...

Dedicated network interface

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Dedicated network interface

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links