Method and apparatus of network artifact identification and extraction
First Claim
1. A non-transitory machine readable medium, comprising:
a packet rearrange module to reorder received network packets based upon sequence numbers;
a packet analyzer module to separate payload data from header data in the received network packets;
an identification module to perform a first match of the payload data with an entry from a library of known artifacts;
a validation module to perform a second match of the payload data based upon a deeper analysis of the payload data with another entry from the library of known artifacts;
a library formation module to populate a table with characteristics of a packet of the received network packets;
an extraction module to communicate an extracted artifact to a user, wherein the extracted artifact is a file with aggregated payload data from a presentation module that includes reordered network packets based on sequence numbers of each packet from the packet rearrange module and wherein the file has an associated file type based on marker matches with the library of known artifacts;
an incomplete management module to identify an incomplete artifact through a comparison of the extracted artifact with a file structure with a known file specification; and
a visibility module to perform network visibility analyses of the extracted artifact.
Abstract
A method, system, and apparatus of network artifact identification and extraction are disclosed. In one embodiment, a method includes aggregating a payload data (e.g., may be a component of the extracted artifact) from different network packets to form an aggregated payload data, matching the payload data with an entry of a library of known artifacts, determining a type of the payload data based on a match with the entry of the library of known artifacts, separating the payload data from a header data in a network packet, and communicating the aggregated payload data as an extracted artifact to a user. The method may include using the extracted artifact to perform network visibility analysis of users on packets flowing across the network. The method may validate that the entry is accurate by performing a deeper analysis of the payload data with the entry of the library of known artifacts.
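The steps the abstract lists (reorder by sequence number, separate payload from header, match a marker, validate with a deeper check, flag an incomplete artifact) are sketched below as an added example; it is not code from the patent. It assumes bare TCP segments from one direction of one stream and a constructed one-entry library for PNG, and all function names are hypothetical.

```python
import struct, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
PNG_END = b"\x00\x00\x00\x00IEND\xaeB\x60\x82"   # fixed IEND chunk closing every PNG

def split_segment(seg):
    """Separate the TCP header from the payload; return (sequence number, payload)."""
    seq = struct.unpack(">I", seg[4:8])[0]
    return seq, seg[(seg[12] >> 4) * 4:]          # data offset counts 32-bit words

def reassemble(segments):
    """Reorder by sequence number, trim retransmitted bytes, stop at a gap (no wraparound)."""
    parts = sorted(split_segment(s) for s in segments)
    data, expected = b"", parts[0][0] if parts else 0
    for seq, payload in parts:
        if seq > expected:
            return data, True                     # hole in the stream
        data += payload[expected - seq:]          # empty for a full duplicate
        expected = max(expected, seq + len(payload))
    return data, False

def png_header_ok(data):
    """Deeper check: the first chunk is a 13-byte IHDR whose CRC verifies."""
    if len(data) < 33:
        return False
    length, ctype = struct.unpack(">I4s", data[8:16])
    crc = struct.unpack(">I", data[29:33])[0]
    return (length, ctype) == (13, b"IHDR") and zlib.crc32(data[12:29]) == crc

# Constructed one-entry library: marker -> (file type, validator, required trailer)
LIBRARY = {PNG_SIG: ("png", png_header_ok, PNG_END)}

def classify(segments):
    """Return (file type, status) for one direction of one TCP stream."""
    data, gap = reassemble(segments)
    for marker, (ftype, validate, trailer) in LIBRARY.items():
        if data.startswith(marker):               # first match: marker
            if not validate(data):                # second match: structure
                return "unknown", "rejected"
            done = not gap and data.endswith(trailer)
            return ftype, "complete" if done else "incomplete"
    return "unknown", "no-match"

def make_chunk(ctype, body):                      # builds constructed sample data
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))
def make_segment(seq, payload):                   # constructed 20-byte TCP header
    return struct.pack(">HHIIBBHHH", 80, 40000, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload

SAMPLE_PNG = (PNG_SIG + make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + make_chunk(b"IDAT", zlib.compress(b"\x00\x00")) + make_chunk(b"IEND", b""))
```

A stream that matches the marker but fails the IHDR check is reported as rejected rather than typed, which is what keeps a payload that merely begins with the PNG signature out of the extracted set.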
8 Claims
Specification