Network data retrieval and filter systems and methods

US 20030131098A1
Filed: 07/17/2002
Published: 07/10/2003
Est. Priority Date: 07/17/2001
Status: Active Grant

First Claim

Patent Images

1. A network traffic reporting system, comprising:

a first processor;

a hierarchical network traffic data repository interface, said interface providing electronic communication between said first processor and a hierarchical network traffic data repository, the repository containing index information by which the network traffic data contained in said repository is indexed by at least one indexable item;

first memory having stored thereon first computer instructions, said first memory being readable by said first processor, said first computer instructions being executable by said first processor to achieve the functions of;

(i) identifying a filter request having a filter specification, the filter specification having at least one filter criterion referencing an indexable item, (ii) reading the index information of a hierarchical network traffic data repository by said interface, and (iii) a first filtering of network traffic data, said first filtering identifying a first set of network traffic data of said data repository passing at least one of the filter criteria referencing an indexable item.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Included in the invention are systems and methods of full time recording network traffic to a hierarchical data storage. Also included in the invention are systems and methods of retrieval of recorded network traffic from a hierarchically organized network data repository. Additionally included in the invention are systems and methods of efficiently filtering data in a hierarchically organized network data repository. Systems and methods of displaying recorded network data utilizing the retrieval systems are also included in the invention. Further included in the invention are systems and methods of providing sliding time window selection user interfaces. Detailed information on various example embodiments of the inventions are provided in the Detailed Description below, and the inventions are defined by the appended claims.

118 Citations

25 Claims

1. A network traffic reporting system, comprising:
- a first processor;
  
  a hierarchical network traffic data repository interface, said interface providing electronic communication between said first processor and a hierarchical network traffic data repository, the repository containing index information by which the network traffic data contained in said repository is indexed by at least one indexable item;
  
  first memory having stored thereon first computer instructions, said first memory being readable by said first processor, said first computer instructions being executable by said first processor to achieve the functions of;
  
  (i) identifying a filter request having a filter specification, the filter specification having at least one filter criterion referencing an indexable item, (ii) reading the index information of a hierarchical network traffic data repository by said interface, and (iii) a first filtering of network traffic data, said first filtering identifying a first set of network traffic data of said data repository passing at least one of the filter criteria referencing an indexable item.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The system of claim 1, wherein said first instructions are further executable to achieve the function of reporting the location of network traffic data identified in said first filtering.
  - 3. The system of claim 1, wherein said first instructions are further executable to achieve the function of reporting the network traffic data identified in said first filtering.
  - 4. The system of claim 1, wherein said first instructions are further executable to achieve the functions of:
    - (iv) a second filtering of network traffic data, said second filtering identifying a second set of network traffic data of said data repository passing the remaining filter criteria not applied in said first filtering, and (v) reporting the location of network traffic data identified in said second filtering.
  - 5. The system of claim 1, wherein said first instructions are further executable to achieve the functions of:
    - (i) a second filtering of network traffic data, said second filtering identifying a second set of network traffic data of said data repository passing the remaining filter criteria not applied in said first filtering, and (ii) reporting the network traffic data identified in said second filtering.
  - 6. The system of claim 1, wherein said first filtering is operable on index information referencing network traffic data by network packet source address.
  - 7. The system of claim 1, wherein said first filtering is operable on index information referencing network traffic data by network packet destination address.
  - 8. The system of claim 1, wherein said first filtering is operable on index information referencing network traffic data by network packet port.
  - 9. The system of claim 1, further comprising:
    - a display operable by said first processor;
      
      at least one input device whereby a user may provide input to said first processor system;
      
      and second computer instructions stored to said first memory device, said instructions being executable by said first processor to achieve the functions of;
      
      (i) receiving a filter specification entry from a user;
      
      (ii) forming a request containing at least the filter criteria referencing indexable items;
      
      and (iii) receiving a response after application of the filter criteria contained in the formed request.
  - 10. The system of claim 9, wherein the response of said receiving is a set of network traffic data.
  - 11. The system of claim 10, wherein the second computer instructions are further executable to achieve the function of identifying a second set of network traffic data by application of the remaining filter criteria not contained in the formed request.
  - 12. The system of claim 11, wherein the second computer instructions are further executable to achieve the function of displaying at least a portion of the second set of network traffic data.
  - 13. The system of claim 11, wherein the second computer instructions are further executable to achieve the functions of:
    - (i) parsing the second set of network traffic data according to request and response packets, and (ii) passing the parsed network traffic data to a multi-packet recompiler.
  - 14. The system of claim 11, wherein the second computer instructions are further executable to achieve the functions of:
    - (i) reviewing the second set of network traffic data to identify compliant request and reply packets, (ii) parsing the compliant request and reply packets for HTTP requests and responses, (iii) organizing the compliant request and reply packets in a packet sorted list, and (iv) sending the packets of the packet sorted list to a simulation engine.
  - 15. The system of claim 1, further comprising:
    - a communications link providing network communication to said first processor;
      
      a second processor connected to said first processor by said communications link, said first and second processors operable to send and receive network traffic to said first processor through said communications link. a display operable by said second processor;
      
      at least one input device whereby a user may provide input to said second processor system;
      
      second memory having stored thereon second computer instructions, said second memory being readable by said second processor, said second computer instructions being executable by said second processor to achieve the functions of;
      
      (i) receiving a filter specification entry from a user;
      
      (ii) forming a request containing at least the filter criteria referencing indexable items;
      
      and (iii) receiving a response after application of the filter criteria contained in the formed request.
  - 16. The system of claim 15, wherein the response of said receiving is a set of network traffic data.
  - 17. The system of claim 16, wherein the second computer instructions are further executable to achieve the function of identifying a second set of network traffic data by application of the remaining filter criteria not contained in the formed request.
  - 18. The system of claim 17, wherein said second computer instructions are further executable to achieve the function of displaying at least a portion of the second set of network traffic data.
  - 19. The system of claim 17, wherein said second computer instructions are further executable to achieve the function of supplying the second set of network traffic data to a packet interpreter.
  - 20. The system of claim 17, wherein said second computer instructions are further executable to achieve the function of supplying the second set of network traffic data to a control engine.
  - 21. The system of claim 1, wherein said first filtering is operable for filter criteria of matching expressions related by logical operators.
  - 22. The system of claim 1, further comprising:
    - a network replay machine in network communication with said interface, said network replay machine providing access to a hierarchical network traffic data repository.

23. A method of filtering indexed network traffic data, comprising the steps of:
- acquiring a filter expression composed of matching expressions linked in a hierarchy of logical operators;
  
  opening a capture database;
  
  pre-applying filter expression matching expressions referencing an indexable item of the database;
  
  computing filter expression node efficiency ratings using the results of said pre-applying;
  
  and applying the filter expression matching expressions in an order preferring earlier application of matching expressions having better efficiency ratings, said applying identifying a set of packets which pass the filter expression.
- View Dependent Claims (24)
- - 24. The method of claim 23, further comprising the step of:
    - after said applying, displaying the identified set of packets.

25. A computer media product, comprising:
- media;
  
  computer instructions stored to said media, said instructions being executable by a computer system to achieve the functions of;
  
  (i) receiving a filter request having a filter expression composed of matching expressions linked by logical operators, the filter expression having at least one matching expression referencing an indexable item, (ii) reading the index information of a hierarchical network traffic data repository, (iii) computing efficiency ratings for each matching expression and successively each logical operator, and (iv) a first filtering of network traffic data, said first filtering identifying a first set of network traffic data of said data repository passing at least one of the filter criteria referencing an indexable item, said first filtering applying matching expressions in preferential order of efficiency.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Major, John Darren, Covington, Stanley P., Rowley, Bevan S., Huntington, Stephen G.

Granted Patent

US 7,149,189 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

H04L 41/145   involving simulating, desig...

H04L 41/22   comprising specially adapte...

H04L 43/00   Arrangements for monitoring...

H04L 43/022   by sampling

H04L 43/045   for graphical visualisation...

H04L 43/106   using time related informat...

H04L 43/16   Threshold monitoring

H04L 43/18   Protocol analysers

H04L 69/16   Implementation or adaptatio...

H04L 69/163   In-band adaptation of TCP d...

H04L 69/164   Adaptation or special uses ...

Network data retrieval and filter systems and methods

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

118 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Network data retrieval and filter systems and methods

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

118 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links