Methods, systems, and computer readable media for classifying application traffic received at a network traffic emulation device that emulates multiple application servers
Country / Type: United States (US) Patent
Status: Registered
International Patent Classification (IPC, 7th edition): G06F-015/16; H04L-012/26; H04L-012/801; H04L-029/06
Application number: US-0718813 (2012-12-18)
Registration number: US-9397901 (2016-07-19)
Inventors: Majumdar, Partha; Chitradurga, Rohan; Belov, Konstantin
Applicant: Ixia
Agent: Jenkins, Wilson, Taylor & Hunt, P.A.
Citation information: Times cited: 0; Cited patents: 77
Abstract
Methods, systems, and computer readable media for classifying application traffic at a network traffic emulation device that emulates multiple application servers are disclosed. The method may include, at a network traffic emulation device, providing a plurality of different application flows for monitoring mixed application traffic received from different client applications via a device under test on the same transport layer port. For each of the different application flows that monitor the same transport layer port, parsing a payload of received packets associated with the same session in the mixed application traffic and identifying non-matching application flows based on whether a portion of each payload matches a signature associated with the application flow. The method further includes eliminating, as identification candidates, non-matching application flows from the application flows that monitor packets received on the same transport layer port until an application flow that identifies an application for the received packets associated with the same session remains.
Representative claim
1. A method for classifying application traffic at a network traffic emulation device that emulates multiple application servers, the method comprising: at a network traffic emulation device in a traffic simulation system: providing a plurality of different application flows for monitoring mixed application traffic received from different emulated client applications in the traffic simulation system via a device under test on the same transport layer port, wherein the network traffic emulation device emulates a plurality of application servers including the different application flows, wherein each of the different application flows is configured to identify packet traffic associated with a particular application that is received from one of the different emulated client applications via the device under test; for each of the different application flows that monitor the same transport layer port, parsing a payload of received packets associated with the same session in the mixed application traffic and identifying non-matching application flows based on whether a portion of each payload matches a signature associated with the application flow; and eliminating, as identification candidates, non-matching application flows from the application flows that monitor packets received on the same transport layer port until a single application flow that identifies an application for the received packets associated with the same session remains, wherein eliminating the non-matching application flows from the plurality of application flows includes comparing payload data contained in a first session packet of the mixed application traffic with application flow signatures associated with the application flows, eliminating one or more non-matching application flows from the application flows if at least a portion of the payload data does not match the application flow signatures associated with the one or more non-matching application flows, and subsequently comparing payload data contained in a subsequent session packet of the mixed application traffic with application flow signatures associated with the remaining application flows to eliminate non-matching application flows until the single application flow remains.
2. The method of claim 1 wherein the signature includes a predefined data sequence or pattern.
3. The method of claim 1 wherein the remaining application flow is configured to send packets to a client associated with the identified application to emulate at least a portion of an application protocol expected by the client.
4. The method of claim 1 wherein the device under test includes at least one of: a network address translator (NAT), a firewall, an intrusion detection system (IDS), an intrusion protection system (IPS), a deep packet inspection (DPI) device, a wide area network (WAN) optimization device, a layer 7 accelerator, and a server load balancer (SLB).
5. The method of claim 1 wherein the transport layer port is associated with a listening context includes the plurality of different application flows.
6. The method of claim 5 wherein the listening context generates a session object upon a new session message being received at the transport layer port.
7. The method of claim 6 wherein the session object includes at least an active queue and an inactive queue for managing a plurality of application flow links that respectively identify the plurality of different application flows.
8. The method of claim 7 wherein eliminating the non-matching application flows from the plurality of application flows includes transferring the application flow links from an active queue to an inactive queue in the session object.
9. The method of claim 1 wherein parsing the payload of each received packet includes parsing the payload of each received packet using a token parse rule that specifies at least a portion of the signature for the application flow.
10. The method of claim 9 wherein the token parse rule specifies a start indicator and an end indicator and content associated with the signature between the start indicator and the end indicator.
11. The method of claim 9 wherein using the token parse rule includes storing byte data positioned between two predefined tokens in the payload.
12. The method of claim 9 wherein using the token parse rule includes discarding byte data until a predefined token is detected in the payload.
13. The method of claim 9 wherein using the token parse rule includes storing all data until a predefined token is detected in the payload.
14. The method of claim 9 wherein parsing the payload of each received packet includes utilizing a multiple parse rule algorithm to parse the payload of each received packet in a manner that applies multiple token parse rules in parallel.
15. The method of claim 14 comprising utilizing the multiple parse rule algorithm to parse the payload of each received packet in a manner that avoids double parsing of the payload of each received packet.
16. A system for classifying application traffic at a network traffic emulation device that emulates multiple application servers, the system comprising: a network traffic emulator, the network traffic emulator including: a plurality of transport layer ports for receiving mixed application traffic generated by different emulated client applications and transmitted to the network traffic emulator via a device under test; and a plurality of different application flows configured to monitor the mixed application traffic received from the different emulated client applications via the device under test on the same transport layer port, wherein the network traffic emulation device emulates a plurality of application servers including the different application flows, wherein each of the different application flows is configured to identify packet traffic associated with a particular application that is received from one of the different emulated client applications via the device under test, for each of the plurality of different application flows that monitor with the same transport layer port, to parse a payload of received packets associated with the same session in the mixed application traffic and to identify non-matching application flows based on whether a portion of each payload matches a signature associated with the application flow, and to eliminate, as identification candidates, non-matching application flows from the application flows that monitor packets received on the same transport layer port until a single application flow that identifies an application for the received packets associated with the same session remains; wherein network traffic emulator is further configured to compare payload data contained in a first session packet of the mixed application traffic with application flow signatures associated with the application flows, eliminate one or more non-matching application flows from the application flows if at least a portion of the payload data does not match the application flow signatures associated with the one or more non-matching application flows, and subsequently compare payload data contained in a subsequent session packet of the mixed application traffic with application flow signatures associated with the remaining application flows to eliminate non-matching application flows until the single application flow remains.
17. The system of claim 16 wherein the signature includes a predefined data sequence or pattern.
18. The system of claim 16 wherein the remaining application flow is configured to send packets to a client associated with the identified application to emulate at least a portion of an application protocol expected by the client.
19. The system of claim 16 wherein the device under test includes at least one of: a network address translator (NAT), a firewall, an intrusion detection system (IDS), an intrusion protection system (IPS), a deep packet inspection (DPI) device, a wide area network (WAN) optimization device, a layer 7 accelerator, and a server load balancer (SLB).
20. The system of claim 16 wherein the transport layer port is associated with a listening context that includes the plurality of different application flows.
21. The system of claim 20 wherein the listening context generates a session object upon a new session message being received at the transport layer port.
22. The system of claim 21 wherein the session object includes at least an active queue and an inactive queue for managing a plurality of application flow links that respectively identify the plurality of different application flows.
23. The system of claim 22 wherein the plurality of different application flows are further configured to transfer the application flow links from an active queue to an inactive queue in the session object.
24. The system of claim 16 wherein the plurality of different application flows are further configured to parse the payload of each received packet using a token parse rule that specifies at least a portion of the signature for the application flow.
25. The system of claim 24 wherein the token parse rule specifies a start indicator and an end indicator and content associated with the signature between the start indicator and the end indicator.
26. The system of claim 24 wherein the plurality of different application flows are further configured to use the token parse rule to store byte data positioned between two predefined tokens in the payload.
27. The system of claim 24 wherein the plurality of different application flows are further configured to use the token parse rule to discard byte data until a predefined token is detected in the payload.
28. The system of claim 24 wherein the plurality of different application flows are further configured to use the token parse rule to store all data until a predefined token is detected in the payload.
29. The system of claim 24 wherein the plurality of different application flows are further configured to utilize a multiple parse rule algorithm to parse the payload of each received packet in a manner that applies multiple token parse rules in parallel.
30. The system of claim 29 wherein the plurality of different application flows are further configured to parse the payload of each received packet in a manner that avoids double parsing of the payload of each received packet.
31. A non-transitory computer readable medium having stored thereon executable instructions that when executed by the processor of a computer control the computer to perform steps comprising: at a network traffic emulation device in a traffic simulation system: providing a plurality of different application flows for monitoring mixed application traffic received from different emulated client applications via a device under test on the same transport layer port, wherein the network traffic emulation device emulates a plurality of application servers including the different application flows, wherein each of the different application flows is configured to identify packet traffic associated with a particular application that is received from one of the different emulated client applications via the device under test; for each of the different application flows that monitor the same transport layer port, parsing a payload of received packets associated with the same session in the mixed application traffic and identifying non-matching application flows based on whether a portion of each payload matches a signature associated with the application flow; and eliminating, as identification candidates, non-matching application flows from the application flows that monitor packets received on the same transport layer port until a single application flow that identifies an application for the received packets associated with the same session remains, wherein eliminating the non-matching application flows from the plurality of application flows includes comparing payload data contained in a first session packet of the mixed application traffic with application flow signatures associated with the application flows, eliminating one or more non-matching application flows from the application flows if at least a portion of the payload data does not match the application flow signatures associated with the one or more non-matching application flows, and subsequently comparing payload data contained in a subsequent session packet of the mixed application traffic with application flow signatures associated with the remaining application flows to eliminate non-matching application flows until the single application flow remains.
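
The elimination procedure of claims 1 and 5 to 10, as an added Python example that is not code from the patent or from Ixia: a listening context creates a session object whose active queue holds every candidate flow, and each packet moves non-matching flows to the inactive queue. The class names, the choice of one token parse rule per packet position, and the three flows and payloads sharing port 80 are assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class TokenRule:
    """Token parse rule: the bytes between start and end must equal content."""
    start: bytes
    end: bytes
    content: bytes

    def matches(self, payload: bytes) -> bool:
        i = payload.find(self.start)
        if i < 0:
            return False
        i += len(self.start)
        j = payload.find(self.end, i)
        return j >= 0 and payload[i:j] == self.content


@dataclass(frozen=True)
class ApplicationFlow:
    name: str
    rules: tuple  # rules[n] is the signature portion checked on the n-th packet


@dataclass
class Session:
    """Session object holding the active and inactive flow queues."""
    active: deque
    inactive: deque = field(default_factory=deque)
    seen: int = 0

    def on_packet(self, payload: bytes) -> Optional[str]:
        n, self.seen = self.seen, self.seen + 1
        for _ in range(len(self.active)):
            flow = self.active.popleft()
            rule = flow.rules[n] if n < len(flow.rules) else None
            if rule is None or rule.matches(payload):
                self.active.append(flow)    # still an identification candidate
            else:
                self.inactive.append(flow)  # eliminated for this session
        return self.active[0].name if len(self.active) == 1 else None


class ListeningContext:
    """All application flows that monitor one transport layer port."""
    def __init__(self, port: int, flows):
        self.port, self.flows = port, tuple(flows)

    def new_session(self) -> Session:
        return Session(active=deque(self.flows))


# Constructed flows on port 80; names and signatures are assumptions.
UA = b"User-Agent: "
PORT_80 = ListeningContext(80, [
    ApplicationFlow("web_browse", (TokenRule(b"", b" ", b"GET"), TokenRule(UA, b"\r\n", b"Browser/1.0"))),
    ApplicationFlow("video_stream", (TokenRule(b"", b" ", b"GET"), TokenRule(UA, b"\r\n", b"Player/2.0"))),
    ApplicationFlow("soap_api", (TokenRule(b"", b" ", b"POST"),)),
])
# Constructed session: request line in packet 1, headers in packet 2.
SAMPLE = [b"GET /clip.mp4 HTTP/1.1\r\n", b"Host: dut.example\r\nUser-Agent: Player/2.0\r\n\r\n"]


def classify(packets):
    """Return (identified flow or None, names in the inactive queue)."""
    session, result = PORT_80.new_session(), None
    for payload in packets:
        result = session.on_packet(payload)
    return result, [f.name for f in session.inactive]
```

When a payload matches no signature, every flow ends up in the inactive queue and `classify` returns `None`, which is the case a test harness would report as unidentified traffic.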