Reducing an amount of captured network traffic data to analyze

US 9,929,930 B2
Filed: 01/19/2016
Issued: 03/27/2018
Est. Priority Date: 01/19/2016
Status: Active Grant

First Claim

Patent Images

1. A communication network monitoring system comprising:

a plurality of probes coupled to respective locations of a communication network, each of the probes including programmable instructions configured to execute on a processing device, the probes being configured to;

capture network data from network traffic of the communication network;

detect by lightweight analysis performed by a first probe of the plurality of probes a data packet of the captured network data that includes information related to a transactional procedure failure transacted by an end-user device;

determine, by the first probe, an identity of the end-user device;

share the identity of the end-user device with other probes of the plurality of probes;

add the end-user device'"'"'s identity to respective whitelists associated with the probes of the plurality of probes; and

perform, for end-user identities included in the respective whitelists, detailed analysis of network data associated with the end-user identities captured during a predetermined time period.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for monitoring a communication network is provided. The method includes capturing network data from network traffic of the communication network by a plurality of probes monitoring the communication network. The method further includes detecting by lightweight analysis a data packet of the captured network data that includes information related to a transactional procedure failure transacted by an end-user device and determining an identity of the end-user device. The method further includes sharing the identity of the end-user device with other probes of the plurality of probes, adding the end-user device'"'"'s identity to respective whitelists associated with the probes of the plurality of probes, and performing, for end-user device identities included in the respective whitelists, detailed analysis of network data during a predetermined time period.

Citations

23 Claims

1. A communication network monitoring system comprising:
- a plurality of probes coupled to respective locations of a communication network, each of the probes including programmable instructions configured to execute on a processing device, the probes being configured to;
  
  capture network data from network traffic of the communication network;
  
  detect by lightweight analysis performed by a first probe of the plurality of probes a data packet of the captured network data that includes information related to a transactional procedure failure transacted by an end-user device;
  
  determine, by the first probe, an identity of the end-user device;
  
  share the identity of the end-user device with other probes of the plurality of probes;
  
  add the end-user device'"'"'s identity to respective whitelists associated with the probes of the plurality of probes; and
  
  perform, for end-user identities included in the respective whitelists, detailed analysis of network data associated with the end-user identities captured during a predetermined time period.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The communication network monitoring system of claim 1, wherein the predetermined time period includes a first time interval before a time T, T being the time the transactional procedure failure was detected.
  - 3. The communication network monitoring system of claim 2, wherein detailed analysis of the network data captured during the first time interval includes retrieving captured network data associated with the end-user device from a long term storage device.
  - 4. The communication network monitoring system of claim 2, wherein the predetermined time period includes a second time interval after time T.
  - 5. The communication network monitoring system of claim 4, wherein detailed analysis of the network data associated with the second time interval includes analyzing network data in real time that was captured during the second time interval.
  - 6. The communication network monitoring system of claim 4, wherein the identity of the end-user device is deleted from the whitelist after the second time interval.
  - 7. The communication network monitoring system of claim 1, further comprising a server that communicates with the probes via a network, wherein the first probe transmits the identity of the end-user device to the server, and the server transmits the identity of the end-user device to the other probes.
  - 8. The communication network monitoring system of claim 1, wherein the plurality of probes are virtual probes, and the processing device is remote from the respective locations of the communication network.

9. A plurality of probes coupled at respective locations of a communication network, each of the probes comprising programmable instructions configured to execute on a processing device, the probes being configured to:
- capture network data from network traffic of the communication network;
  
  detect by lightweight analysis performed by a first probe of the plurality of probes a data packet of the captured network data that includes information related to a transactional procedure failure transacted by an end-user device;
  
  determine, by the first probe, an identity of the end-user device;
  
  share the identity of the end-user device with other probes of the plurality of probes;
  
  add the end-user device'"'"'s identity to respective whitelists associated with the probes of the plurality of probes; and
  
  perform, for end-user device identities included in the respective whitelists, detailed analysis of network data associated with the end-user identities captured during a predetermined time period.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The plurality of probes of claim 9, wherein the predetermined time period includes a first time interval before a time T, T being the time the detected transactional procedure failure was detected.
  - 11. The plurality of probes of claim 10, wherein detailed analysis of the network data captured during the first time interval includes retrieving captured network data associated with the end-user device from a long term storage device.
  - 12. The plurality of probes of claim 10, wherein the predetermined time period includes a second time interval after time T.
  - 13. The plurality of probes of claim 12, wherein detailed analysis of the network data associated with the second time interval includes analyzing network data in real time that was captured during the second time interval.
  - 14. The plurality of probes of claim 12, wherein the identity of the end-user device is deleted from the whitelist after second time interval.
  - 15. The plurality of probes of claim 9, wherein the probe is further configured to transmit, via a network to a server, the identity of the end-user device, and the other probes are configured to receive the identity of the end-user device from the server.
  - 16. The plurality of probes of claim 9, wherein the plurality of probes are virtual probes, and the processing device is remote from the respective locations of the communication network.

17. A method of monitoring a communication network comprising:
- capturing network data from network traffic of the communication network by a plurality of probes coupled to the communication network;
  
  detecting by lightweight analysis a data packet of the captured network data that includes information related to a transactional procedure failure transacted by an end-user device;
  
  determining an identity of the end-user device;
  
  sharing the identity of the end-user device with other probes of the plurality of probes;
  
  adding the end-user device'"'"'s identity to respective whitelists associated with the probes of the plurality of probes; and
  
  performing, for end-user device identities included in the respective whitelists, detailed analysis of network data during a predetermined time period.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The method of claim 17, wherein the predetermined time period includes a first time interval before a time T, T being the time the transactional procedure failure was detected.
  - 19. The method of claim 18, wherein performing detailed analysis of the network data captured during the first time interval includes retrieving captured network data associated with the end-user device from a long term storage device.
  - 20. The method of claim 18, wherein the predetermined time period includes a second time interval after time T.
  - 21. The method of claim 20, further comprising:
    - storing network data captured during the second time interval for long term storage; and
      
      performing detailed analysis in real time of network data that was captured during the second time interval.
  - 22. The method of claim 20, wherein the identity of the end-user device is deleted from the whitelist after second time interval.
  - 23. The method of claim 19, further comprising:
    - transmitting by a probe of the plurality of probes to a server via a network, the identity of the end-user device; and
      
      receiving by other probes of the plurality of probes, the identity of the end-user device from the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetScout Systems Texas, LLC (NetScout Systems Incorporated)
Original Assignee
NetScout Systems Texas, LLC (NetScout Systems Incorporated)
Inventors
Curtin, John P., Janakiraman, Vignesh
Primary Examiner(s)
WANG, LIANG CHE A

Application Number

US15/000,963
Publication Number

US 20170207990A1
Time in Patent Office

798 Days
Field of Search

709218, 709223, 709224
US Class Current
CPC Class Codes

H04L 43/028 by filtering

H04L 43/12 Network monitoring probes

Reducing an amount of captured network traffic data to analyze

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Reducing an amount of captured network traffic data to analyze

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links