A method and apparatus for a network monitor internals mechanism that serves to translate packet data into multiple concurrent streams of network event data is provided. The data translation is accomplished by interpreting both sides of each protocol transaction.
Representative claims
The invention claimed is:

1. An apparatus for translating packet data into a serialized stream of network event data, comprising: means for accepting said packet data live or from a first file containing said packet data; means for interpreting both sides of each network connection of one or more network connections in said packet data, wherein said means for interpreting comprises means for determining a relative time and a concurrency of each of a plurality of network events together with its comprised protocol events in said packet data and using said relative time and concurrency for making one or more policy decisions about said network event before it terminates; means for extracting security-sensitive information from said packet data, wherein said means for extracting omits passwords, documents, and other sensitive data; and means for generating output from said extracted security-sensitive information into said serialized stream of network event data in encoded format, wherein said encoded format comprises a transaction identifier corresponding to each said network connection, wherein each transaction identifier is used in a post-process to identify a plurality of actions corresponding to a plurality of protocol events on said network connections, each action including one or more elements of said security-sensitive information, and wherein said output is stored in a second file for subsequent post-processing by an interpreting processor or is fed continuously to said interpreting processor.
2. The apparatus of claim 1, wherein said encoded format is network event encoded format.
3. The apparatus of claim 1, wherein said generated output is suitable for processing by, but not limited to, means for logging, means for debugging, and a policy engine.
4. The apparatus of claim 1, further comprising: means for using a "stopped collecting" state where said packets may be ignored except to use information from transport protocol headers to determine a connection state associated with a connection and freeing resources when said connection terminates, thereby increasing efficiency in said translating packet data.
5. The apparatus of claim 4, wherein said means for using headers and freeing resources is implemented as a hardware filter to stop additional packets of data from arriving.
6. The apparatus of claim 1, further comprising: means for using time received of said packet data as a point of reference and using corresponding time intervals for aligning results, said results stored in a database.
7. The apparatus of claim 1, wherein when said accepting packet data is from said file, further comprising means for processing said packet data relative to time and time intervals of when said packet was originally received into the file.
8. The apparatus of claim 1, said means for generating output further comprising: an interface for communicating with a policy engine, said interface comprising calls for connecting and for starting and finishing a plurality of transactions, and event specific calls.
9. The apparatus of claim 8, wherein said plurality of transactions are active at the same time.
10. The apparatus of claim 1, further comprising: means for decoding encoded versions of network events.
11. The apparatus of claim 1, wherein said encoded format comprises: a header; embedded agent descriptors indicating location of source of said packet data; type map used in detecting update types not supported by old software, thereby; and encoded transactions.
12. The apparatus of claim 1, wherein different protocol layers of said network event data are combined to facilitate understanding of events in said packet data.
13. A method for translating packet data into a serialized stream of network event data, comprising: accepting said packet data live or from a first file containing said packet data; interpreting both sides of each network connection of one or more network connections in said packet data, wherein said means for interpreting comprises means for determining a relative time and a concurrency of each of a plurality of network events together with its comprised protocol events in said packet data and using said relative time and concurrency for making one or more policy decisions about said network event before it terminates; extracting security-sensitive information from said packet data, wherein said means for extracting omits passwords, documents, and other sensitive data; and generating output from said extracted security-sensitive information into said serialized stream of network event data in encoded format, wherein said encoded format comprises a transaction identifier corresponding to each said network connection, wherein each transaction identifier is used in a post-process to identify a plurality of actions corresponding to a plurality of protocol events on said network connections, each action including one or more elements of said security-sensitive information, and wherein said output is stored in a second file for subsequent post-processing by an interpreting processor or is fed continuously to said interpreting processor.
14. The method of claim 13, wherein said encoded format is network event encoded format.
15. The method of claim 13, wherein said generated output is suitable for processing by, but not limited to, logging, debugging, and a policy engine.
16. The method of claim 13, further comprising: providing a "stopped collecting" state whereby said packets may be ignored except to use information from transport protocol headers to determine a connection state associated with a connection and free resources when said connection terminates, thereby increasing efficiency in said translating packet data.
17. The method of claim 16, wherein using headers and freeing resources is implemented as a hardware filter to stop additional packets of data from arriving.
18. The method of claim 13, further comprising: using time received of said packet data as a point of reference and using corresponding time intervals for aligning results, said results stored in a database.
19. The method of claim 13, wherein when said accepting packet data is from said file, further comprising processing said packet data relative to time and time intervals of when said packet was originally received into the file.
20. The method of claim 13, said generating output further comprising: providing an interface for communicating with a policy engine, said interface comprising calls for connecting and for starting and finishing a plurality of transactions, and event specific calls.
21. The method of claim 20, wherein said plurality of transactions are active at the same time.
22. The method of claim 13, further comprising: decoding encoded versions of network events.
23. The method of claim 13, wherein said encoded format comprises: a header; embedded agent descriptors indicating location of source of said packet data; type map used in detecting update types not supported by old software, thereby; and encoded transactions.
24. The method of claim 13, wherein different protocol layers of said network event data are combined to facilitate understanding of events in said packet data.
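The following is an added illustration, not code from the patent or its assignee, of the structure the claims describe: both sides of each connection are interpreted, every event carries a transaction identifier, a relative time and the number of concurrently open connections, sensitive fields are dropped before output, a policy callback can move a connection into the "stopped collecting" state (after which only transport headers are consulted until the connection closes and its resources are freed), and the serialized stream has a header with an agent descriptor and type map followed by encoded transactions. The packet capture, the toy "VERB key=value" application protocol, the policy rule and the newline-delimited JSON encoding are all constructed assumptions; the patent does not specify any of them.

```python
import json
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

@dataclass
class Packet:
    """One captured packet (constructed): timestamp, endpoints as 'ip:port', flags, payload."""
    ts: float
    src: str
    dst: str
    flags: str = ""      # any of "S" (SYN), "A" (ACK), "F" (FIN)
    payload: bytes = b""

# Fields the extractor must never copy into the event stream (assumed list).
SENSITIVE_FIELDS = {"password", "passwd", "secret", "token"}

@dataclass
class Connection:
    tid: int             # transaction identifier shared by all events of this connection
    client: str
    server: str
    stopped: bool = False  # "stopped collecting": payload ignored, headers still tracked

class Translator:
    TYPE_MAP = {"connect": 1, "request": 2, "response": 3, "close": 4}

    def __init__(self, agent: str, policy: Optional[Callable[[dict], str]] = None):
        self.agent = agent                        # embedded agent descriptor (assumed form)
        self.policy = policy or (lambda event: "continue")
        self.conns: Dict[Tuple[str, str], Connection] = {}
        self.next_tid = 1
        self.t0: Optional[float] = None           # time of first packet = point of reference
        self.transactions: List[dict] = []

    def _emit(self, conn: Connection, kind: str, ts: float, elements: dict) -> dict:
        event = {"tid": conn.tid, "type": self.TYPE_MAP[kind],
                 "rel_time": round(ts - self.t0, 6),
                 "concurrency": len(self.conns),   # connections open at this instant
                 "elements": elements}
        self.transactions.append(event)
        if self.policy(event) == "stop":          # policy decision before the connection ends
            conn.stopped = True
        return event

    @staticmethod
    def _extract(payload: bytes) -> Tuple[str, dict]:
        """Parse 'VERB k=v k=v' (toy protocol) and drop sensitive fields."""
        parts = payload.decode("ascii", errors="replace").split()
        if not parts:
            return "", {}
        fields = {}
        for p in parts[1:]:
            k, _, v = p.partition("=")
            if k.lower() not in SENSITIVE_FIELDS:
                fields[k] = v
        return parts[0], fields

    def feed(self, pkt: Packet) -> Optional[dict]:
        if self.t0 is None:
            self.t0 = pkt.ts
        key = tuple(sorted((pkt.src, pkt.dst)))  # same key for both directions
        conn = self.conns.get(key)
        if conn is None:
            if "S" not in pkt.flags:
                return None                       # mid-stream packet of an unseen connection
            conn = Connection(self.next_tid, pkt.src, pkt.dst)
            self.next_tid += 1
            self.conns[key] = conn
            return self._emit(conn, "connect", pkt.ts, {"client": pkt.src, "server": pkt.dst})
        if "F" in pkt.flags:                      # transport header still read when stopped
            event = self._emit(conn, "close", pkt.ts, {})
            del self.conns[key]                   # free resources on termination
            return event
        if conn.stopped or not pkt.payload:
            return None
        verb, fields = self._extract(pkt.payload)
        fields["verb"] = verb
        kind = "request" if pkt.src == conn.client else "response"
        return self._emit(conn, kind, pkt.ts, fields)

    def serialize(self) -> str:
        """Header (version, agent descriptor, type map) followed by one encoded event per line."""
        header = {"version": 1, "agent": self.agent, "type_map": self.TYPE_MAP}
        return "\n".join(json.dumps(r) for r in [header] + self.transactions) + "\n"

def decode(stream: str) -> Tuple[dict, List[dict]]:
    """Decode the stream; the header's type map lets a newer sender add types an old reader flags."""
    lines = stream.splitlines()
    header = json.loads(lines[0])
    names = {v: k for k, v in header["type_map"].items()}
    events = [dict(e, type=names.get(e["type"], "unknown")) for e in map(json.loads, lines[1:])]
    return header, events

def group_by_transaction(events: List[dict]) -> Dict[int, List[dict]]:
    """Post-process: transaction identifier -> ordered actions on that connection."""
    out: Dict[int, List[dict]] = {}
    for e in events:
        out.setdefault(e["tid"], []).append(e)
    return out

def run_demo():
    # Constructed capture: two overlapping client connections to one server.
    A, B, S = "10.0.0.5:4001", "10.0.0.6:4002", "10.0.0.1:2000"
    capture = [
        Packet(100.00, A, S, "S"), Packet(100.01, S, A, "SA"), Packet(100.05, B, S, "S"),
        Packet(100.10, A, S, "A", b"LOGIN user=alice password=hunter2"),
        Packet(100.12, S, A, "A", b"OK session=7"),
        Packet(100.20, B, S, "A", b"LOGIN user=bob password=s3cret"),
        Packet(100.22, S, B, "A", b"DENY reason=locked"),
        Packet(100.30, B, S, "A", b"GET path=/index"),   # ignored: connection is stopped
        Packet(100.40, A, S, "F"), Packet(100.50, B, S, "F"),
    ]
    policy = lambda ev: "stop" if ev["elements"].get("verb") == "DENY" else "continue"
    tr = Translator("sensor-01 (constructed)", policy)
    for p in capture:
        tr.feed(p)
    stream = tr.serialize()
    header, events = decode(stream)
    return header, group_by_transaction(events), stream

if __name__ == "__main__":
    print(run_demo()[2])
```

The constructed capture interleaves the two connections so that the concurrency value differs per event, and the second connection's GET never reaches the stream because the policy stopped collection after the DENY while the FIN is still honoured and the connection entry released.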
Patents cited by this patent (10)
Sarkissian, Haig A.; Dietz, Russell S., Associative cache structure for lookups and updates of flow records in a network monitor.
Dietz, Russell S.; Maixner, Joseph R.; Koppenhaver, Andrew A.; Bares, William H.; Sarkissian, Haig A.; Torgerson, James F., Method and apparatus for monitoring traffic in a network.
Dietz, Russell S.; Maixner, Joseph R.; Koppenhaver, Andrew A.; Bares, William H.; Sarkissian, Haig A.; Torgerson, James F., Method and apparatus for monitoring traffic in a network.
Dietz, Russell S.; Koppenhaver, Andrew A.; Torgerson, James F., Processing protocol specific information in packets specified by a protocol description language.
Dietz, Russell S.; Maixner, Joseph R.; Koppenhaver, Andrew A., Re-using information from data transactions for maintaining statistics in network monitoring.
Osterhout, Ralph F.; Haddick, John D.; Lohse, Robert Michael; Cella, Charles; Nortrup, Robert J.; Nortrup, Edward H., AR glasses with event and sensor triggered AR eyepiece interface to external devices.
Osterhout, Ralph F.; Haddick, John D.; Lohse, Robert Michael; Cella, Charles; Nortrup, Robert J.; Nortrup, Edward H., AR glasses with event and sensor triggered control of AR eyepiece applications.
Osterhout, Ralph F.; Haddick, John D.; Lohse, Robert Michael; Cella, Charles; Nortrup, Robert J.; Nortrup, Edward H., AR glasses with event and user action control of external applications.
Osterhout, Ralph F.; Haddick, John D.; Lohse, Robert Michael; Border, John N.; Miller, Gregory D.; Stovall, Ross W., Eyepiece with uniformly illuminated reflective display.
Miller, Gregory D.; Border, John N.; Osterhout, Ralph F., Grating in a light transmissive illumination system for see-through near-eye display glasses.
Boulanger, Alan; Himberger, Kevin; Jeffries, Clark D.; Ziraldo, John, Operating a communication network through use of blocking measures for responding to communication traffic anomalies.
Miller, Gregory D.; Border, John N.; Osterhout, Ralph F., Optical imperfections in a light transmissive illumination system for see-through near-eye display glasses.
Border, John N.; Osterhout, Ralph F., See-through near-eye display glasses including an auto-brightness control for the display brightness based on the brightness in the environment.
Border, John N.; Osterhout, Ralph F., See-through near-eye display glasses with a fast response photochromic film system for quick transition from dark to clear.
Border, John N.; Haddick, John D.; Osterhout, Ralph F., See-through near-eye display glasses with a light transmissive wedge shaped illumination system.
Border, John N.; Haddick, John D.; Lohse, Robert Michael; Osterhout, Ralph F., See-through near-eye display glasses with the optical assembly including absorptive polarizers or anti-reflective coatings to reduce stray light.
Narayanaswamy, Krishna; Ithal, Ravi; Malmskog, Steve; Gnanashanmugam, Shankaran; Sambamoorthy, Arjun; Anand, Chetan; Arun, Prashanth, Systems and methods of monitoring and controlling enterprise information stored on a cloud computing service (CCS).
Narayanaswamy, Krishna; Malmskog, Steve; Sambamoorthy, Arjun, Systems and methods of per-document encryption of enterprise information stored on a cloud computing service (CCS).