Dynamic monitoring of network traffic
Abstract
A device, connected to a monitoring appliance, may include a traffic analyzer to receive a data unit and identify a traffic flow associated with the data unit. The device may also include a traffic processor to receive the data unit and information regarding the identified traffic flow from the traffic analyzer, determine that the identified traffic flow is to be monitored by the monitoring appliance, change a port number, associated with the data unit, to a particular port number to create a modified data unit when the identified traffic flow is to be monitored by the monitoring appliance, and send the modified data unit to the monitoring appliance.
25 Claims
1. A device connected to a monitoring appliance configured to monitor a particular type of traffic flow that is associated with one of a plurality of ports of the device, the device comprising:
- a traffic analyzer to:
  - identify a traffic flow, associated with a received data unit; and
- a traffic processor to:
  - receive the data unit and information regarding the identified traffic flow from the traffic analyzer,
  - determine that the identified traffic flow comprises the particular type of traffic flow to be monitored by the monitoring appliance based on the information,
  - mirror the data unit, to form a mirrored data unit, based on the identified traffic flow comprising the particular type of traffic flow,
  - determine that the data unit is associated with another one of the plurality of ports,
  - change a port number associated with the mirrored data unit, to a particular port number based on the information and determining that the data unit is associated with the other one of the plurality of ports, where the particular port number is associated with the one of the plurality of ports,
  - send the mirrored data unit to the monitoring appliance, and
  - send the data unit to the other one of the plurality of ports.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A method performed by a device that is connected to a monitoring appliance configured to monitor a particular type of traffic flow associated with a particular port number, the method comprising:
- storing, as entries in a memory, information identifying a plurality of traffic flows and a corresponding plurality of port numbers, the plurality of port numbers including the particular port number, where each one of the entries stores information identifying one of the plurality of traffic flows and a corresponding one of the plurality of port numbers;
- identifying a traffic flow associated with a data unit received by the device;
- determining that the identified traffic flow is to be monitored by the monitoring appliance based on information associated with the identified traffic flow matching the one of the plurality of traffic flows in the memory;
- mirroring the data unit, to form a mirrored data unit, in response to determining that the traffic flow is to be monitored;
- determining that the data unit is associated with one of the plurality of port numbers other than the particular port number;
- replacing a port number associated with the mirrored data unit, with the corresponding one of the plurality of port numbers from the memory to create a modified mirrored data unit in response to determining that the data unit is associated with the one of the plurality of port numbers other than the particular port number;
- sending the modified mirrored data unit to the monitoring appliance; and
- sending the data unit to a port associated with the one of the plurality of port numbers.

Dependent claims: 13, 14, 15, 16, 17, 18, 19
20. A system, comprising:
- a device to:
  - receive network traffic, where the network traffic includes a plurality of different traffic flows tunneled via a common transport protocol,
  - separate the plurality of different traffic flows from the network traffic to create a plurality of separate traffic flows,
  - determine that a monitoring appliance, connected to the device, is to monitor one of the plurality of separate traffic flows, where the monitoring appliance is to monitor a particular type of traffic flow associated with a particular port number;
  - mirror the one of the plurality of separate traffic flows based on determining that the monitoring appliance is to monitor the one of the plurality of separate traffic flows,
  - replace a port number, associated with the mirrored one of the plurality of separate traffic flows, with the particular port number to create a modified mirrored traffic flow,
  - send the modified mirrored traffic flow to the monitoring appliance, and
  - send the one of the plurality of separate traffic flows to a port associated with the port number.

Dependent claims: 21, 22, 23, 24, 25
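Added example, not part of the patent text: a Python model of the method of claim 12, in which a flow identified by its content is mirrored with its port number rewritten to the one the monitoring appliance watches, while the original data unit is forwarded unchanged. The `DataUnit` type, the payload-based classifier, the function names and the flow-table values are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace

# Constructed flow table (the "entries in a memory"): identified flow type ->
# port number the monitoring appliance associates with that type of traffic.
FLOW_TABLE = {"http": 80, "tls": 443}


@dataclass(frozen=True)
class DataUnit:  # hypothetical stand-in for a received packet
    src: str
    dst: str
    dst_port: int
    payload: bytes


def identify_flow(unit: DataUnit) -> str:
    """Toy traffic analyzer: classify by payload content, not by port."""
    first_line = unit.payload.split(b"\r\n", 1)[0]
    method = first_line.split(b" ", 1)[0]
    if method in (b"GET", b"POST", b"HEAD") and first_line.endswith(
        (b"HTTP/1.0", b"HTTP/1.1")
    ):
        return "http"
    if unit.payload[:2] == b"\x16\x03":  # TLS handshake record header
        return "tls"
    return "unknown"


def process(unit: DataUnit):
    """Return (forwarded, mirrored); mirrored is None for unmonitored flows."""
    monitor_port = FLOW_TABLE.get(identify_flow(unit))
    if monitor_port is None:
        return unit, None  # not monitored: forward only
    mirrored = unit  # frozen dataclass, so sharing the object is safe
    if unit.dst_port != monitor_port:
        # Only the mirrored copy is rewritten; the forwarded unit keeps its port.
        mirrored = replace(unit, dst_port=monitor_port)
    return unit, mirrored


if __name__ == "__main__":
    # Constructed sample: HTTP carried on a non-standard port.
    pkt = DataUnit("10.0.0.5", "10.0.0.9", 8080,
                   b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
    fwd, mir = process(pkt)
    print("forwarded to port", fwd.dst_port, "| mirrored with port", mir.dst_port)
```

Because the appliance only ever sees the rewritten port, any alert it raises has to be correlated with the device's own records to recover the port the flow actually used.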
Specification