In-line tool performance monitoring and adaptive packet routing
US-2017141989-A1 · May 18, 2017 · US
Persistent flow identifiers enabling disparate applications
US10693796B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10693796-B2 |
| Application number | US-201816207683-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 3, 2018 |
| Priority date | Jun 10, 2016 |
| Publication date | Jun 23, 2020 |
| Grant date | Jun 23, 2020 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Embodiments provide a system and method for network tracking. By using packet capture applications having a flow identifier and a time stamper, one or more raw packets from one or more packet flows intercepted from a network can be tagged with a unique identifier and timestamp that can later be used to aggregate packet flows that have been analyzed by one or more capture applications. The unique identifier can relate to the network interface of the particular capture application and can also have an increasing value, where the increase in value can be monotonic. Later capture applications, while capable of generating secondary timestamps, can disregard those secondary timestamps for the primary timestamp of the first capture application in order to remove complications arising from latency issues.
First claim
Opening claim text (preview).
What is claimed is: 1. A computer implemented method in a data processing system comprising a processor and a memory comprising instructions, which are executed by the processor to cause the processor to implement a network tracking system, the method comprising: receiving, by a first capture application connected to a network tap, one or more packet flows comprising one or more packets, transmitted through a network; identifying, by the first capture application, one or more beginning packets of the one or more packet flows; tagging, by the first capture application, each packet of the one or more packet flows with a flow identifier, wherein the flow identifier includes a unique identifier and an increasing value; associating, by the first capture application, the unique identifier with an identifier of the network tap, wherein the unique identifier is a MAC address of a network interface card of the network tap; tagging, by the first capture application, each packet of the one or more packet flows with a timestamp; and forwarding, by the first capture application, one or more tagged packets to a second capture application connected to the network tap. 2. The method as recited in claim 1 , further comprising: tagging, by the second capture application connected to the network tap, each packet of the tagged one or more packet flows with a second timestamp; forwarding, by the second capture application, the one or more tagged packets to a third capture application; and disregarding, by the third capture application, the second timestamp. 3. The method as recited in claim 1 , further comprising: increasing the increasing value monotonically with each unique packet flow identified. 4. The method as recited in claim 1 , further comprising: tagging the one or more packet flows through packet encapsulation. 5. The method as recited in claim 1 , further comprising: tagging the one or more packet flows through one or more firmware application program interfaces. 6. A computer implemented method in a data processing system comprising a processor and a memory comprising instructions, which are executed by the processor to cause the processor to implement a network tracking system, the method comprising: receiving from a network, through a first capture application connected to a network tap, one or more packet flows comprising one or more raw packets; tagging, by the first capture application, each raw packet with a timestamp; tagging, by the first capture application, each raw packet with a flow identifier, wherein the flow identifier includes a unique identifier and an increasing value; associating, by the first capture application, the unique identifier with an identifier of the network tap, wherein the unique identifier is a MAC address of a network interface card of the network tap; and forwarding, by the first capture application, the one or more tagged packets to a second capture application connected to the network tap. 7. The method as recited in claim 6 , further comprising: receiving, through the second capture application, the one or more tagged packets; tagging, by the second capture application, each packet with a second timestamp; tagging each packet with a second flow identifier, wherein the second flow identifier includes a second unique identifier and a second increasing value; and forwarding, by the second capture application, the one or more tagged packets to a third capture application; and disregarding, by the third capture application, the second timestamp and the second flow identifier. 8. The method as recited in claim 7 , further comprising: aggregating the one or more tagged packets using each tagged packet's flow identifier. 9. The method as recited in claim 6 , further comprising: increasing the increasing value monotonically with each unique packet flow identified by the particular capture application. 10. The method as recited in claim 6 , further comprising: tagging the one or more packet flows through packet encapsulation. 11. The method as recited in claim 6 , further comprising: tagging the one or more packet flows through one or more firmware application program interfaces. 12. A computer implemented method in a data processing system comprising a processor and a memory comprising instructions, which are executed by the processor to cause the processor to implement a network tracking system, the method comprising: tagging, through a first capture application connected to a network tap, one or more packet flows comprising one or more raw packets of network data with a flow identifier and a primary timestamp, wherein the flow identifier includes a unique identifier and an increasing value; associating, through the first capture application, the unique identifier with an identifier of the network tap, wherein the unique identifier is a MAC address of a network interface card of the network tap; forwarding, through the first capture application, one or more tagged packet flows to a second capture application connected to the network tap; tagging, through the second capture application, the one or more tagged packet flows with a secondary timestamp based on the time received by the second capture application; forwarding, through the second capture application, the one or more tagged packet flows to a third capture application connected to the network tap; and replacing, through the third capture application, the secondary timestamp with the primary timestamp. 13. The method as recited in claim 12 , further comprising: increasing, through first capture application, the increasing value monotonically with each unique packet flow identified by the particular first capture application. 14. The method as recited in claim 12 , further comprising: tagging, through first capture application, the one or more packet flows through packet encapsulation. 15. The method as recited in claim 12 , further comprising: tagging, through first capture application, the one or more packet flows through one or more firmware application program interfaces.
Assignees
Inventors
Classifications
- H04L43/106Primary
using time related information in packets, e.g. by adding timestamps · CPC title
in wire-line communication networks, e.g. low power modes or reduced link rate · CPC title
for supporting lawful interception, monitoring or retaining of communications or communication related information (circuit switched telephony call monitoring H04M3/2281) · CPC title
- H04L43/026Primary
using flow identification · CPC title
- H04L47/2441Primary
relying on flow classification, e.g. using integrated services [IntServ] · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10693796B2 cover?
- Embodiments provide a system and method for network tracking. By using packet capture applications having a flow identifier and a time stamper, one or more raw packets from one or more packet flows intercepted from a network can be tagged with a unique identifier and timestamp that can later be used to aggregate packet flows that have been analyzed by one or more capture applications. The uniqu…
- Who is the assignee on this patent?
- IBM, Napatech As
- What technology area does this patent fall under?
- Primary CPC classification H04L43/106. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jun 23 2020 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).