SYSTEM AND METHOD FOR CHARACTERIZING NETWORK TRAFFIC
Abstract
A system monitors first traffic and identifies associations between applications that generated or received the traffic and parameters such as domain names, a remote host, and a local host referenced in the traffic. Subsequent traffic is monitored and determined to be generated by or addressed to an application according to such parameters in the subsequent traffic, such as remote host, local host, domain name, or port number. The subsequent traffic is associated with an application without requiring deep packet inspection (DPI). In particular, an application may be associated with a session based on evaluation of a single packet of the session.
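The association step the abstract describes, as an added Python example (not code from the patent): an application is learned per local/remote host pair from first traffic, then a later session is assigned an application and a priority from its first packet alone. The class, field names and priority values are hypothetical, the first traffic is assumed to be labelled with its application by some upstream means, and returning no application when a remote host maps to several applications is an assumption of this example.

```python
from collections import defaultdict

# Hypothetical priority classes (lower = served first); not from the patent.
PRIORITY = {"voip": 0, "video": 1, "backup": 3}
DEFAULT_PRIORITY = 2

class AssociationTable:
    def __init__(self):
        self.by_pair = defaultdict(set)    # (local, remote) -> apps seen
        self.by_remote = defaultdict(set)  # remote -> apps seen from any local host
        self.sessions = {}                 # 5-tuple -> app pinned to the session

    def learn(self, local, remote, app):
        """Record an association found in first traffic (labelled upstream)."""
        self.by_pair[(local, remote)].add(app)
        self.by_remote[remote].add(app)

    def infer(self, local, remote):
        """Same local+remote first, then remote only; None when ambiguous."""
        for apps in (self.by_pair.get((local, remote)), self.by_remote.get(remote)):
            if apps and len(apps) == 1:
                return next(iter(apps))
        return None

    def classify(self, pkt):
        """Decide from a single packet; later packets reuse the session's app."""
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], pkt["proto"])
        app = self.sessions.get(key)
        if app is None:
            app = self.infer(pkt["src"], pkt["dst"])
            if app is not None:
                self.sessions[key] = app
        return app, PRIORITY.get(app, DEFAULT_PRIORITY)

def demo():
    # Constructed sample data using documentation address ranges.
    t = AssociationTable()
    t.learn("10.0.0.5", "198.51.100.10", "voip")
    t.learn("10.0.0.5", "203.0.113.7", "video")
    t.learn("10.0.0.6", "203.0.113.7", "backup")   # remote host shared by two apps
    def pkt(src, dst, sport):
        return {"src": src, "sport": sport, "dst": dst, "dport": 443, "proto": "tcp"}
    return [
        t.classify(pkt("10.0.0.5", "198.51.100.10", 50001)),  # same local + remote
        t.classify(pkt("10.0.0.9", "198.51.100.10", 50002)),  # new local host, known remote
        t.classify(pkt("10.0.0.9", "203.0.113.7", 50003)),    # ambiguous remote
        t.classify(pkt("10.0.0.6", "203.0.113.7", 50004)),    # pair disambiguates
    ]

if __name__ == "__main__":
    for app, prio in demo():
        print(app, prio)
```

A remote host shared by several applications (a CDN or a multi-tenant cloud endpoint) is where host-based inference is weakest, which is why the ambiguous case falls back to the default priority rather than guessing.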
20 Claims
1. A method comprising, by a computer system:
- monitoring first traffic from a first local host;
- determining from the first traffic a first application at least one of addressed by and that generated the first traffic and a remote host addressed by the first traffic;
- monitoring second traffic from one of the first local host and a second local host;
- determining that the second traffic is addressed to the remote host;
- in response to determining that the second traffic is addressed to the remote host, determining that the second traffic is at least one of addressed to the first application and generated by the first application; and
- in response to determining that the second traffic is at least one of addressed by the application and generated by the first application, applying a prioritization logic to subsequent traffic in a session including the second traffic.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system comprising one or more processors and one or more memory devices coupled to the one or more processors, the one or more memory devices storing executable and operational code effective to cause the one or more processors to:
- monitor first traffic from a first local host;
- determine from the first traffic a first application at least one of addressed by and that generated the first traffic and a remote host addressed by the first traffic;
- monitor second traffic from one of the first local host and a second local host;
- determine that the second traffic is addressed to the remote host;
- in response to determining that the second traffic is addressed to the remote host, determine that the second traffic is at least one of addressed to the first application and generated by the first application; and
- in response to determining that the second traffic is at least one of addressed by the application and generated by the first application, apply a prioritization logic to subsequent traffic in a session including the second traffic.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A system comprising one or more processors and one or more memory devices coupled to the one or more processors, the one or more memory devices storing executable and operational code effective to cause the one or more processors to:
- evaluate first traffic to identify for each first session of a portion of first sessions in which the first traffic occurs and, according to the evaluation, identifying a local host associated with the each first session, a remote host associated with the each first session, and an application of a plurality of applications associated with the each first session;
- evaluate second traffic subsequent to the first traffic; and
- for each session of a plurality of second sessions in the second traffic—
  - identify a local host and a remote host associated with the each second session;
  - identify an inferred application of the plurality of applications that is associated with a same local host and a same remote host in one or more of the first sessions as the each second session; and
  - apply prioritization logic to subsequent traffic in the each second session according to the associating of the inferred application to the each second session.
Dependent claims: 18, 19, 20
Specification