Collecting asymmetric data and proxy data on a communication network

US 8,972,612 B2
Filed: 04/05/2012
Issued: 03/03/2015
Est. Priority Date: 04/05/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

capturing, through a multi-tenant capable Network Monitoring System (NMS) configured to monitor users of a computer network, a data stream solely related to a known user of interest among the users of the computer network, the captured data stream being related to activity of the known user of interest on the computer network;

identifying, through at least one processor of the NMS communicatively coupled to at least one memory, a type of an application being employed by the known user of interest based on analyzing the captured data stream;

generating, through the at least one processor, a new search term unique to an asymmetric data stream of the captured data stream based on an upper layer of a communication protocol used by the captured data stream, an application protocol associated with the identified application, content within the captured data stream and identification of the known user of interest, the asymmetric data stream being related to network communication on part of the known user of interest that is asymmetric in terms of at least one of;

a time communicated on the computer network, a source providing data related to the captured data stream onto the computer network, a route chosen on the computer network to send the data related to the captured data stream, an application type and protocol used to package and format the data related to the captured data stream in packets sent on the computer network, data related to web services used by the known user of interest, data related to non-web services used by the known user of interest, data sent through a network different from the computer network but associated therewith, a response to a communication on the computer network on part of the known user of interest, data sent via a route that is different from a route requested on behalf of the known user of interest and proxy data associated with the known user of interest;

broadcasting the new search term to a plurality of probes located in the computer network, each probe of the plurality of probes being associated with a portion of the computer network where at least one of;

a different routing and an aggregation point exists compared to an original form thereof; and

collecting the asymmetric data stream of the captured data stream based on the broadcasting of the new search term and utilization of the plurality of probes located in the computer network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and apparatus for collecting data streams, such as data packets, on a network, such as the Internet, are disclosed. A metadata portion of at least one of the data streams is analyzed on the network and evaluated using a metadata processing engine to identify a relationship between at least two of the plurality of data streams, e.g., a relationship between multiple users of interest, a new user of interest, etc. Evaluation of the metadata and the relationships can be performed algorithmically, as predetermined by an analyst or as provided as preset options by the network monitoring system (NMS). An interface manager can receive the new user of interest, evaluate the new user of interest for redundancy against existing users of interest of the NMS; then communicate the new user of interest to at least one access device to collect data streams associated with the new user of interest.

425 Citations

23 Claims

1. A method comprising:
- capturing, through a multi-tenant capable Network Monitoring System (NMS) configured to monitor users of a computer network, a data stream solely related to a known user of interest among the users of the computer network, the captured data stream being related to activity of the known user of interest on the computer network;
  
  identifying, through at least one processor of the NMS communicatively coupled to at least one memory, a type of an application being employed by the known user of interest based on analyzing the captured data stream;
  
  generating, through the at least one processor, a new search term unique to an asymmetric data stream of the captured data stream based on an upper layer of a communication protocol used by the captured data stream, an application protocol associated with the identified application, content within the captured data stream and identification of the known user of interest, the asymmetric data stream being related to network communication on part of the known user of interest that is asymmetric in terms of at least one of;
  
  a time communicated on the computer network, a source providing data related to the captured data stream onto the computer network, a route chosen on the computer network to send the data related to the captured data stream, an application type and protocol used to package and format the data related to the captured data stream in packets sent on the computer network, data related to web services used by the known user of interest, data related to non-web services used by the known user of interest, data sent through a network different from the computer network but associated therewith, a response to a communication on the computer network on part of the known user of interest, data sent via a route that is different from a route requested on behalf of the known user of interest and proxy data associated with the known user of interest;
  
  broadcasting the new search term to a plurality of probes located in the computer network, each probe of the plurality of probes being associated with a portion of the computer network where at least one of;
  
  a different routing and an aggregation point exists compared to an original form thereof; and
  
  collecting the asymmetric data stream of the captured data stream based on the broadcasting of the new search term and utilization of the plurality of probes located in the computer network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the upper layer of the communication protocol used by the captured data stream is at least one of a layer 2 protocol, a layer 3 protocol, a layer 4 protocol, a layer 5 protocol, a layer 6 protocol, and a layer 7 protocol based on an Open Systems Interconnection (OSI) model.
  - 3. The method of claim 1, wherein the asymmetric data stream is a data stream from one of a requestor and a responder.
  - 4. The method of claim 3, wherein the responder is located behind a proxy server.
  - 5. The method of claim 1, further comprising:
    - determining a protocol that is specifically applicable to one of a layer 2 protocol, a layer 3 protocol and a layer 4 protocol in combination with at least one of a layer 5 protocol, a layer 6 protocol, and a layer 7 protocol based on the OSI model.
  - 6. The method of claim 1, comprising generating the new search term such that overcollection of the captured data stream is prevented.
  - 7. The method of claim 1, wherein the communication protocol used by the captured data stream is unique to a type of network communication on the part of the known user of interest.
  - 8. The method of claim 1, wherein one of the captured data stream-and the asymmetric data stream thereof is located behind a proxy server with more than one user.
  - 9. The method of claim 1, wherein the application employed by the known user of interest is one of a web and a non-web application.
  - 10. The method of claim 1, comprising performing the identification of the type of application and the creation of the new search term locally to a probe on the computer network.
  - 11. The method of claim 1, further comprising:
    - communicating the new search term to a centralized mediation engine in the NMS for one of;
      
      subsequent evaluation by a user of the NMS and broadcast to the plurality of probes to collect data with the new search term.
  - 12. The method of claim 1, wherein the new search term is an identifier.
  - 13. The method of claim 1, wherein the new search term is a flag identification for an attachment to an email type of application that immediately uploads the attachment to a network server in response to a request from the known user of interest to attach the document to the email.

14. A multi-tenant capable NMS configured to monitor users of a computer network, comprising:
- at least one memory; and
  
  at least one processor communicatively coupled to the at least one memory, the at least one processor being configured to execute instructions to;
  
  capture a data stream solely related to a known user of interest among the users of the computer network, the captured data stream being related to activity of the known user of interest on the computer network,identify a type of an application being employed by the known user of interest based on analyzing the captured data stream,generate a new search term unique to an asymmetric data stream of the captured data stream based on an upper layer of a communication protocol used by the captured data stream, an application protocol associated with the identified application, content within the captured data stream and identification of the known user of interest, the asymmetric data stream being related to network communication on part of the known user of interest that is asymmetric in terms of at least one of;
  
  a time communicated on the computer network, a source providing data related to the captured data stream onto the computer network, a route chosen on the computer network to send the data related to the captured data stream, an application type and protocol used to package and format the data related to the captured data stream in packets sent on the computer network, data related to web services used by the known user of interest, data related to non-web services used by the known user of interest, data sent through a network different from the computer network but associated therewith, a response to a communication on the computer network on part of the known user of interest, data sent via a route that is different from a route requested on behalf of the known user of interest and proxy data associated with the known user of interest, andbroadcast the new search term to a plurality of probes located in the computer network to enable collection of the asymmetric data stream of the captured data stream, each probe of the plurality of probes being associated with a portion of the computer network where at least one of;
  
  a different routing and an aggregation point exists compared to an original form thereof.
- View Dependent Claims (15, 16, 17)
- - 15. The NMS of claim 14, wherein:
    - the asymmetric data stream is a data stream from one of a requestor and a responder.
  - 16. The NMS of claim 14, wherein the upper layer of the communication protocol used by the captured data stream is at least one of a layer 5 protocol, a layer 6 protocol, a layer 7 protocol and a combination thereof based on an OSI model.
  - 17. The NMS of claim 14, wherein the communication protocol used by the captured data stream is unique to a type of network communication on the part of the known user of interest.

18. A system comprising:
- a computer network; and
  
  a multi-tenant capable NMS configured to monitor users of the computer network, the NMS being configured to;
  
  capture a data stream solely related to a known user of interest among the users of the computer network, the captured data stream being related to activity of the known user of interest on the computer network,identify a type of an application being employed by the known user of interest based on analyzing the captured data stream,generate a new search term unique to an asymmetric data stream of the captured data stream based on an upper layer of a communication protocol used by the captured data stream, an application protocol associated with the identified application, content within the captured data stream and identification of the known user of interest, the asymmetric data stream being related to network communication on part of the known user of interest that is asymmetric in terms of at least one of;
  
  a time communicated on the computer network, a source providing data related to the captured data stream onto the computer network, a route chosen on the computer network to send the data related to the captured data stream, an application type and protocol used to package and format the data related to the captured data stream in packets sent on the computer network, data related to web services used by the known user of interest, data related to non-web services used by the known user of interest, data sent through a network different from the computer network but associated therewith, a response to a communication on the computer network on part of the known user of interest, data sent via a route that is different from a route requested on behalf of the known user of interest and proxy data associated with the known user of interest, andbroadcast the new search term to a plurality of probes located in the computer network to enable collection of the asymmetric data stream of the captured data stream, each probe of the plurality of probes being associated with a portion of the computer network where at least one of;
  
  a different routing and an aggregation point exists compared to an original form thereof.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The system of claim 18,wherein the new search term is an identifier.
  - 20. The system of claim 18, wherein:
    - the new search term is communicated to a centralized mediation engine in the NMS for one of;
      
      a subsequent evaluation by a user of the NMS and the broadcast to the plurality of probes.
  - 21. The system of claim 18, wherein:
    - the asymmetric data stream is a data stream from one of a requestor and a responder.
  - 22. The system of claim 18, wherein the communication protocol used by the captured data stream is unique to a type of network communication on the part of the known user of interest.
  - 23. The system of claim 18, wherein the application employed by the known user of interest is one of a web and a non-web application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SS8 Networks Incorporated
Original Assignee
SSB Networks Incorporated
Inventors
Le, Robert, Dikmen, Cemal, Erbilgin, Bulent, Bean, Timothy
Primary Examiner(s)
Moise, Emmanuel L
Assistant Examiner(s)
ABU ROUMI, MAHRAN Y

Application Number

US13/440,877
Publication Number

US 20130097308A1
Time in Patent Office

1,062 Days
Field of Search

709/251
US Class Current

709/251
CPC Class Codes

H04L 43/028   by filtering

H04L 43/12   Network monitoring probes

H04L 67/535   Tracking the activity of th...

Collecting asymmetric data and proxy data on a communication network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

425 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Collecting asymmetric data and proxy data on a communication network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

425 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links