Correlating packets in communications networks

  • US 10,530,903 B2
  • Filed: 01/24/2017
  • Issued: 01/07/2020
  • Est. Priority Date: 02/10/2015
  • Status: Active Grant
First Claim
Patent Images

1. A method comprising:

  • determining, by a computing system, that a network device has received, from a first host located in a first network, a plurality of first packets corresponding to first requests for content from a second host located in a second network, wherein the network device comprises a proxy;

    determining, by the computing system, that the network device has generated a plurality of second packets corresponding to second requests, wherein the second requests correspond to the first requests, and wherein the second requests are configured to cause the second host to transmit, to the network device, the content;

    generating, by the computing system, a first plurality of log entries corresponding to the plurality of first packets, wherein each of the first plurality of log entries comprises a receipt timestamp indicating a packet receipt time, and wherein the first plurality of log entries comprise first data from the first requests;

    generating, by the computing system, a second plurality of log entries corresponding to a plurality of second packets, wherein each of the second plurality of log entries comprises a transmission timestamp indicating a packet transmission time, and wherein the second plurality of log entries comprise second data from the second requests;

    determining, by the computing system and for each transmission timestamp, differences between at least one packet transmission time indicated by transmission timestamps and at least one packet receipt time indicated by receipt timestamps;

    correlating, based on the differences and by comparing the first data and the second data, at least a portion of the plurality of first packets and at least a portion of the plurality of second packets; and

    responsive to the correlating;

    generating, by the computing system, an indication of the first host; and

    transmitting, by the computing system, the indication of the first host.

View all claims
    ×
    ×

    Thank you for your feedback

    ×
    ×