Correlating packets in communications networks
DC CAFCFirst Claim
Patent Images
1. A method comprising:
- identifying, by a computing system, a plurality of packets received by a network device from a host located in a first network;
generating, by the computing system, a plurality of log entries corresponding to the plurality of packets received by the network device;
identifying, by the computing system, a plurality of packets transmitted by the network device to a host located in a second network;
generating, by the computing system, a plurality of log entries corresponding to the plurality of packets transmitted by the network device;
correlating, by the computing system and based on the plurality of log entries corresponding to the plurality of packets received by the network device and the plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of packets transmitted by the network device with the plurality of packets received by the network device; and
responsive to correlating the plurality of packets transmitted by the network device with the plurality of packets received by the network device;
generating, by the computing system and based on the correlating, one or more rules configured to identify packets received from the host located in the first network; and
provisioning a packet-filtering device with the one or more rules configured to identify packets received from the host located in the first network.
4 Assignments
Litigations
3 Petitions
Accused Products
Abstract
A computing system may identify packets received by a network device from a host located in a first network and may generate log entries corresponding to the packets received by the network device. The computing system may identify packets transmitted by the network device to a host located in a second network and may generate log entries corresponding to the packets transmitted by the network device. Utilizing the log entries corresponding to the packets received by the network device and the log entries corresponding to the packets transmitted by the network device, the computing system may correlate the packets transmitted by the network device with the packets received by the network device.
149 Citations
30 Claims
-
1. A method comprising:
-
identifying, by a computing system, a plurality of packets received by a network device from a host located in a first network; generating, by the computing system, a plurality of log entries corresponding to the plurality of packets received by the network device; identifying, by the computing system, a plurality of packets transmitted by the network device to a host located in a second network; generating, by the computing system, a plurality of log entries corresponding to the plurality of packets transmitted by the network device; correlating, by the computing system and based on the plurality of log entries corresponding to the plurality of packets received by the network device and the plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of packets transmitted by the network device with the plurality of packets received by the network device; and responsive to correlating the plurality of packets transmitted by the network device with the plurality of packets received by the network device; generating, by the computing system and based on the correlating, one or more rules configured to identify packets received from the host located in the first network; and provisioning a packet-filtering device with the one or more rules configured to identify packets received from the host located in the first network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system comprising:
-
at least one processor; and a memory storing instructions that when executed by the at least one processor cause the system to; identify a plurality of packets received by a network device from a host located in a first network; generate a plurality of log entries corresponding to the plurality of packets received by the network device; identify a plurality of packets transmitted by the network device to a host located in a second network; generate a plurality of log entries corresponding to the plurality of packets transmitted by the network device; correlate, based on the plurality of log entries corresponding to the plurality of packets received by the network device and the plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of packets transmitted by the network device with the plurality of packets received by the network device; and responsive to correlating the plurality of packets transmitted by the network device with the plurality of packets received by the network device; generate, based on the correlating, one or more rules configured to identify packets received from the host located in the first network; and provision a device located in the first network with the one or more rules configured to identify packets received from the host located in the first network. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. One or more non-transitory computer-readable media comprising instructions that when executed by a computing system cause the computing system to:
-
identify a plurality of packets received by a network device from a host located in a first network; generate a plurality of log entries corresponding to the plurality of packets received by the network device; identify a plurality of packets transmitted by the network device to a host located in a second network; generate a plurality of log entries corresponding to the plurality of packets transmitted by the network device; correlate, based on the plurality of log entries corresponding to the plurality of packets received by the network device and the plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of packets transmitted by the network device with the plurality of packets received by the network device; and responsive to correlating the plurality of packets transmitted by the network device with the plurality of packets received by the network device; generate, based on the correlating, one or more rules configured to identify packets received from the host located in the first network; and provision a device located in the first network with the one or more rules configured to identify packets received from the host located in the first network. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
-
Specification