Storing network bidirectional flow data and metadata with efficient processing technique
US-9426071-B1 · Aug 23, 2016 · US
US10505834B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10505834-B2 |
| Application number | US-201514671048-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 27, 2015 |
| Priority date | Mar 27, 2015 |
| Publication date | Dec 10, 2019 |
| Grant date | Dec 10, 2019 |
Official abstract text for this publication.
A method performed by a network device includes: receiving a first packet by the network device, wherein the first packet is tapped from a network; identifying a session to which the first packet belongs when the first packet has one or more values that at least partially match one or more terms, wherein the act of identifying the session is performed by the network device; receiving a second packet by the network device; determining whether the second packet belongs to the session; and performing a packet processing action by the network device based on the identified session; wherein the session is identified based on a first criterion, and the act of determining whether the second packet belongs to the session is performed based on a second criterion that is different from the first criterion.
Opening claim text (preview).
What is claimed:

1. A method comprising: receiving, by a network device, a plurality of packets from a network; storing, by a network device, the plurality of packets in a buffer while a session to which the plurality of packets belong has not been identified by the network device; receiving, by the network device, a first packet from the network, wherein the first packet is not one of the plurality of packets; identifying, by the network device, a session to which the first packet belongs, after storing the plurality of packets in the buffer, based on the first packet satisfying a first criterion, wherein the first criterion comprises the first packet satisfying a regular expression; after identifying the session to which the first packet belongs, determining, by the network device, that one or more of the plurality of packets stored in the buffer belong to said session, and performing, by the network device, a packet processing action on the first packet and on said one or more of the plurality of packets stored in the buffer that belong to said session; receiving a second packet by the network device after said receiving the first packet, wherein the second packet is not one of the plurality of packets; determining, by the network device, that the second packet belongs to said session based on a plurality of header values of the second packet, wherein the second packet does not satisfy the regular expression; in response to determining that the second packet belongs to said session, performing, by the network device, the packet processing action on the second packet, wherein the packet processing action includes forwarding, by the network device, the second packet to one or more ports of the network device, for delivery to one or more external network tools, based on the identified session.
2. The method of claim 1, wherein the first packet and the second packet belong to different types of network traffic, respectively.
3. The method of claim 1, wherein the first packet belongs to a root conversation between two nodes, and the second packet belongs to a child conversation.
4. The method of claim 1, wherein the session is unidirectional.
5. The method of claim 1, wherein the session is bi-directional.
6. The method of claim 5, wherein the first packet is a copy of a packet being transmitted from a first node to a second node, and the second packet is a copy of a packet being transmitted from the second node to the first node.
7. The method of claim 1, wherein the act of performing the packet processing action comprises dropping or modifying packets not belonging to the identified session.
8. The method of claim 1, wherein the act of performing the packet processing action comprises forwarding all packets belonging to the session received after the first packet is received, to the one or more ports of the network device.
9. The method of claim 1, wherein the act of performing the packet processing action comprises forwarding a subset of all packets belonging to the session received after the first packet is received, to the one or more ports of the network device.
10. The method of claim 9, wherein the subset is user-defined based on a number of packets, and/or a prescribed duration.
11. The method of claim 1, wherein the act of performing the packet processing action comprises dropping some or all packets identified based on a second criterion that is different from the first criterion, or forwarding some or all packets identified based on the second criterion to the one or more ports.
12. The method of claim 1, wherein the method further comprises: forwarding some or all of the buffered packets associated with the session after the session is identified; and forwarding additional packets associated with the identified session, the additional packets being received by the network device after the session is identified.
13. The method of claim 1, further comprising receiving additional packets by the network device before the first packet is received.
14. The method of claim 13, further comprising buffering the additional packets until the session is identified.
15. The method of claim 13, wherein the act of performing the packet processing action comprises retroactively forwarding some or all packets belonging to the session in the additional packets to the one or more ports of the network device, or dropping some or all of the additional packets.
16. The method of claim 13, wherein the additional packets are buffered packets.
17. The method of claim 16, wherein a size of the buffered packets is based on a maximum buffering time and/or a maximum size.
18. The method of claim 16, wherein the buffered packets include packets belonging to the session that are received before the first packet, and the method further includes retroactively identifying the packets belonging to the session from the buffered packets.
19. The method of claim 1, further comprising performing a cleaning process for the session when a user-defined time is reached, when a maximum number of sessions is reached, when there is inactivity for a prescribed duration, or when another criterion is met.
20. The method of claim 1, wherein the network device comprises a single network appliance or multiple network appliances.
21. A network device comprising: a network port through which to receive from a network a plurality of packets, a first packet and a second packet, wherein the first packet and the second packet are not included in the plurality of packets, and wherein the second packet is received by the network device after the first packet; a buffer; one or more instrument ports through which to communicate with one or more external network monitoring instruments and/or one or more media; and a processing unit coupled to the network port and the one or more instrument ports, wherein the processing unit is configured to: store the plurality of packets in the buffer while a session to which the plurality of packets belong has not been identified by the network device; identify a session to which the first packet belongs, after storing the plurality of packets in the buffer, based on the first packet satisfying a first criterion, wherein the first criterion comprises the first packet satisfying a regular expression; after identifying the session to which the first packet belongs, determine that one or more of the plurality of packets stored in the buffer belong to said session, and perform a packet processing action on the first packet and on said one or more of the plurality of packets stored in the buffer that belong to said session; determine that the second packet belongs to said session based on a plurality of header values of the second packet, wherein the second packet does not satisfy the regular expression; in response to determining that the second packet belongs to said session, perform said packet processing action on the second packet, wherein the packet processing action includes forwarding the second packet to one or more ports of the network device, for delivery to one or more of the external network monitoring instruments, based on the identified session.
22. The network device of claim 21, wherein the first packet and the second packet belong to different types of network traffic, respectively.
23. The network device of claim 21, wherein the first packet belongs to a root conversation between two nodes, and the second packet belongs t
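
The flow recited in claim 1 (hold packets while the session is unknown, identify the session when one packet satisfies a regular expression, release the held packets of that session, then match later packets on header values alone), as an added Python example that is not code from the patent or its assignee. The names `Packet`, `flow_key` and `SessionFilter`, the pattern `GET /login`, the count-based buffer limit and the sample traffic are assumptions made for illustration; sessions are keyed on a direction-independent 5-tuple, which corresponds to the bi-directional case of claim 5.

```python
import re
from collections import deque
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    payload: bytes

def flow_key(p):
    """Direction-independent 5-tuple so both directions map to one session."""
    return (p.proto, *sorted([(p.src, p.sport), (p.dst, p.dport)]))

class SessionFilter:
    def __init__(self, pattern, max_buffered=1024):
        self.regex = re.compile(pattern)           # first criterion (payload regex)
        self.buffer = deque(maxlen=max_buffered)   # bounded hold area, oldest evicted
        self.sessions = set()                      # flow keys of identified sessions

    def process(self, pkt):
        """Return the packets to forward to the tool port for this arrival."""
        key = flow_key(pkt)
        if key in self.sessions:                   # second criterion: headers only
            return [pkt]
        if not self.regex.search(pkt.payload):
            self.buffer.append(pkt)                # session unknown: hold, forward nothing
            return []
        self.sessions.add(key)
        earlier = [b for b in self.buffer if flow_key(b) == key]
        self.buffer = deque((b for b in self.buffer if flow_key(b) != key),
                            maxlen=self.buffer.maxlen)
        return earlier + [pkt]                     # retroactive flush, then the trigger

# Constructed sample traffic (addresses, ports and payloads are made up).
C, S, O = "10.0.0.5", "192.0.2.10", "10.0.0.9"
SAMPLE = [
    Packet(C, 40000, S, 80, "tcp", b""),                              # handshake
    Packet(O, 40001, S, 80, "tcp", b"GET /index.html HTTP/1.1\r\n"),  # other flow
    Packet(S, 80, C, 40000, "tcp", b""),                              # handshake reply
    Packet(C, 40000, S, 80, "tcp", b"GET /login HTTP/1.1\r\n"),       # regex hit
    Packet(S, 80, C, 40000, "tcp", b"HTTP/1.1 200 OK\r\n"),           # no regex hit
]

def run_demo():
    f = SessionFilter(rb"GET /login")
    return [f.process(p) for p in SAMPLE], f
```

The bounded `deque` means handshake packets older than the limit are evicted before the session is identified, so a monitoring tool downstream can receive a session without its opening packets when the buffer is sized too small for the traffic rate.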
by filtering · CPC title
Network monitoring probes · CPC title
Parsing or analysis of headers · CPC title
Flow control; Congestion control · CPC title