Method and apparatus for detecting type of network data flow
US-10333854-B2 · Jun 25, 2019 · US
Length control for packet header sampling
US10523536B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10523536-B2 |
| Application number | US-201515769417-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 26, 2015 |
| Priority date | Oct 26, 2015 |
| Publication date | Dec 31, 2019 |
| Grant date | Dec 31, 2019 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A network node (110) samples data packets of network traffic. For each sampled data packet, the network node (110) compares a packet header of the sampled data packet to a set of one or more packet header patterns. Depending on the comparison, the network node (110) determines a length of a packet header portion to be extracted from the sampled data packet. Then the network node (110) extracts the packet header portion of the determined length from the sampled data packet and generates a datagram comprising the extracted packet header portions of the sampled data packets.
First claim
Opening claim text (preview).
The invention claimed is: 1. A method of monitoring network traffic, the method comprising a network node: sampling data packets of network traffic; for each sampled data packet, comparing a packet header of the sampled data packet to a set of one or more packet header patterns, wherein each packet header pattern is defined by a sequence of one or more protocol types; determining, depending on the comparison, a length of a packet header portion to be extracted from the sampled data packet; extracting the packet header portion of the determined length from the sampled data packet; and generating a datagram comprising the extracted packet header portions of the sampled data packets, wherein the method further comprising: based on the comparison, determining a packet header pattern from the set which best matches the packet header of the sampled data packet; and determining the length in such a way that the packet header portion to be extracted includes protocol headers corresponding to the sequence of protocol types defining the best matching packet header pattern. 2. The method of claim 1 , further comprising the network node: in the sampled data packet, identifying: a first byte of a first protocol header of the sequence of protocol types defining the best matching packet header pattern; and a last byte of a last protocol header of the sequence of protocol types defining the best matching packet header pattern; and determining the packet header portion to be extracted to extend from the first byte of the first protocol header of the sequence of protocol types defining the best matching packet header pattern to the last byte of the last protocol header of the sequence of protocol types defining the best matching packet header pattern. 3. The method of claim 1 , further comprising the network node, in response to identifying no packet header pattern from the set which matches the packet header of the sampled data packet, determining the length to correspond to a configured maximum length. 4. The method of claim 1 , wherein the length of the packet header portion extracted from the sampled data packet differs between at least some of the sampled data packets. 5. The method of claim 1 , further comprising the network node transmitting the datagram to a further network node for analysis. 6. The method of claim 1 , further comprising the network node receiving configuration information indicating the set of one or more packet header patterns from a management node. 7. The method of claim 1 , wherein the datagram corresponds to an sFlow datagram. 8. A method of controlling monitoring of network traffic by a management node, the method comprising: determining a set of one or more packet header patterns; and sending configuration information indicating the set of one or more packet header patterns to at least one network node configured to sample data packets of network traffic, wherein each packet header pattern is defined by a sequence of one or more protocol types; wherein the set of one or more packet header patterns enables the at least one network node to: compare, for each sampled data packet, a packet header of the sampled data packet to the set of one or more packet header patterns, depending on the comparison, determine a length of a packet header portion to be extracted from the sampled data packet, extract the packet header portion of the determined length from the sampled data packet; and generate a datagram comprising the extracted packet header portions of the sampled data packets, wherein the network node is further caused to based on the comparison, determine a packet header pattern from the set which best matches the packet header of the sampled data packet; and determine the length in such a way that the packet header portion to be extracted includes protocol headers corresponding to the sequence of protocol types defining the best matching packet header pattern. 9. The method of claim 8 , wherein the length of the packet header portion extracted from the sampled data packet differs between at least some of the sampled data packets. 10. The method of claim 8 , wherein the datagram corresponds to an sFlow datagram. 11. A network node, comprising: processing circuitry; memory containing instructions executable by the processing circuitry whereby the network node is operative to: sample data packets of network traffic; for each sampled data packet, compare a packet header of the sampled data packet to a set of one or more packet header patterns, wherein each packet header pattern is defined by a sequence of one or more protocol types; depending on the comparison, determine a length of a packet header portion to be extracted from the sampled data packet; extract the packet header portion of the determined length from the sampled data packet; and generate a datagram comprising the extracted packet header portions of the sampled data packets, wherein the instructions are such that the network node is operative to: based on the comparison, determine a packet header pattern from the set which best matches the packet header of the sampled data packet; and determine the length in such a way that the packet header portion to be extracted includes protocol headers corresponding to the sequence of protocol types defining the best matching packet header pattern. 12. The network node of claim 11 , wherein the instructions are such that the network node is operative to: in the sampled data packet, identify: a first byte of a first protocol header of the sequence of protocol types defining the best matching packet header pattern; and a last byte of a last protocol header of the sequence of protocol types defining the best matching packet header pattern; and determine the packet header portion to be extracted to extend from the first byte of the first protocol header of the sequence of protocol types defining the best matching packet header pattern to the last byte of the last protocol header of the sequence of protocol types defining the best matching packet header pattern. 13. The network node of claim 12 , wherein the instructions are such that the network node is operative to in response to identifying no packet header pattern from the set which matches the packet header of the sampled data packet, determine the length to correspond to a configured maximum length. 14. The network node of claim 11 , wherein the length of the packet header portion extracted from the sampled data packet differs between at least some of the sampled data packets. 15. The network node of claim 11 , wherein the instructions are such that the network node is operative to transmit the datagram to a further network node for analysis. 16. The network node of claim 11 , wherein the instructions are such that the network node is operative to receive configuration information indicating the set of one or more packet header patterns from a management node. 17. The network node of claim 11 , wherein the datagram corresponds to an sFlow datagram. 18. A management node, the management node being configured to: processing circuitry; memory containing instructions executable by the processing circuitry whereby the management node is operative to: determine a set of one or more packet header patterns, wherein each packet header pattern is defined by a sequence of one or more protocol types; and send configuration information indicating the set of one or more packet header patterns to at least one network node configured to sample data packets of n
Assignees
Inventors
Classifications
Parsing or analysis of headers · CPC title
by filtering · CPC title
Protocol analysers · CPC title
- H04L43/022Primary
by sampling · CPC title
Processing captured monitoring data, e.g. for logfile generation · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10523536B2 cover?
- A network node (110) samples data packets of network traffic. For each sampled data packet, the network node (110) compares a packet header of the sampled data packet to a set of one or more packet header patterns. Depending on the comparison, the network node (110) determines a length of a packet header portion to be extracted from the sampled data packet. Then the network node (110) extracts …
- Who is the assignee on this patent?
- Ericsson Telefon Ab L M
- What technology area does this patent fall under?
- Primary CPC classification H04L43/022. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Dec 31 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).