Application template generation and deep packet inspection approach for creation of micro-segmentation policy for network applications
US-2018176252-A1 · Jun 21, 2018 · US
US12489695B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12489695-B2 |
| Application number | US-202318464361-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 11, 2023 |
| Priority date | Jun 30, 2021 |
| Publication date | Dec 2, 2025 |
| Grant date | Dec 2, 2025 |
Official abstract text for this publication.
Systems, methods, and related technologies for generating a network system map based on network traffic and possibly additional data are described. Network traffic may be received and parsed to obtain metadata associated with the network traffic. A network system may be identified based on the metadata. A network system map may be generated for the network system based on one or more of the metadata or the additional data.
Opening claim text (preview).
What is claimed is:

1. A method, comprising: accessing, by a network monitoring device coupled to a network, network traffic from the network, wherein the network traffic is transmitted by a plurality of devices communicatively coupled to the network; parsing the network traffic to obtain metadata of the network traffic, wherein the metadata comprises properties associated with the plurality of devices and properties of the network traffic; identifying a network system based on the metadata of the network traffic, wherein: the network system comprises a subset of the plurality of devices wherein at least one of a vendor or a model of the subset of the plurality of devices is retrieved from a data store; and the network system provides a dedicated network based functionality for one or more other devices via the network; and generating a network system map for the network system based on the metadata and based on at least one of the vendor or the model of the subset of the plurality of devices, wherein the network system map comprises identifiers for each of the subset of the plurality of devices and indicates couplings between the subset of the plurality of devices.

2. The method of claim 1, wherein identifying the network system comprises: selecting a first device from the plurality of devices, based on one or more of the metadata of the network traffic and additional data, wherein the network system comprises the first device; and determining a network system type for the network system, a network system name for the network system, and a network system role for the first device based on the metadata of the network traffic, wherein the network system role indicates a role of the first device within the network system.

3. The method of claim 2, wherein the network system map is generated based on the network system type for the network system, the network system name for the network system, and the network system role.

4. The method of claim 2, wherein identifying the network system further comprises: selecting additional devices at different coupling levels to the first device, wherein the network system further comprises the additional devices; and determining additional network system roles for the additional devices.

5. The method of claim 4, wherein the network system map is generated further based on the additional network system roles for the additional devices.

6. The method of claim 1, wherein the metadata of the network traffic comprises at least one of one or more of headers of the network traffic, footers of the network traffic, one or more protocols of the network traffic, or one or more sizes of the network traffic.

7. The method of claim 1, wherein parsing the network traffic comprises: determining one or more of a set of times when packets of the network traffic were transmitted and a set of sizes of the packets of the network traffic.

8. The method of claim 1, wherein the network system map is initially generated without performing deep packet inspection on the network traffic or without parsing payloads of the network traffic.

9. The method of claim 8, further comprising: analyzing one or more payloads of the network traffic; and updating the network system map based on the payloads of the network traffic.

10. The method of claim 1, wherein: the network system map is generated further based on a set of libraries; and the set of libraries comprises data for classifying different devices of the network and for classifying different network systems.

11. The method of claim 1, further comprising: obtaining additional network traffic from the network, wherein the additional network traffic is transmitted by the plurality of devices communicatively coupled to the network; parsing the additional network traffic to obtain additional metadata of the additional network traffic; and updating the network system map for the network system.

12. A system, comprising: a memory; and a processing device, operatively coupled to the memory, to: access network traffic from a network, wherein the network traffic is transmitted by a plurality of devices communicatively coupled to the network; parse the network traffic to obtain metadata of the network traffic, wherein the metadata comprises properties associated with the plurality of devices and properties of the network traffic; identify a network system based on the metadata of the network traffic, wherein: the network system comprises a subset of the plurality of devices, and wherein at least one of a vendor or a model of the subset of the plurality of devices is retrieved from a data store; and the network system provides a dedicated network based functionality for one or more other devices via the network; and generate a network system map for the network system based on the metadata and based on at least one of the vendor or the model of the subset of the plurality of devices, wherein the network system map comprises identifiers for each of the subset of the plurality of devices and indicates couplings between the subset of the plurality of devices.

13. The system of claim 12, wherein to identify the network system the processing device is further to: select a first device from the plurality of devices, based on one or more of the metadata of the network traffic and additional data, wherein the network system comprises the first device; and determine a network system type for the network system, a network system name for the network system, and a network system role for the first device based on the metadata of the network traffic, wherein the network system role indicates a role of the first device within the network system.

14. The system of claim 13, wherein the network system map is generated based on the network system type for the network system, the network system name for the network system, and the network system role.

15. The system of claim 13, wherein to identify the network system the processing device is further to: select additional devices at different coupling levels to the first device, wherein the network system further comprises the additional devices; and determine additional network system roles for the additional devices.

16. The system of claim 15, wherein the network system map is generated further based on the additional network system roles for the additional devices.

17. The system of claim 12, wherein the metadata of the network traffic comprises at least one of one or more of headers of the network traffic, footers of the network traffic, one or more protocols of the network traffic, or one or more sizes of the network traffic.

18. The system of claim 12, wherein to parse the network traffic the processing device is further to: determine one or more of a set of times when packets of the network traffic were transmitted and a set of sizes of the packets of the network traffic.

19. The system of claim 12, wherein the network system map is initially generated without performing deep packet inspection on the network traffic or without parsing payloads of the network traffic.

20. A non-transitory computer readable medium having instructions encoded thereon that, when executed by a processing device, cause the processing device to: access network traffic from a network, wherein the network traffic is transmitted by a plurality of devices communicatively coupled to the network; parse the network traffic to obtain meta
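The following is an added illustration of claims 1, 2 and 4, not code from the patent or its assignee: it builds a network system map from header-level flow metadata only (no payload inspection, as in claim 8), pulls vendor and model from a small data store, picks a first device that provides a dedicated function to other devices, adds the devices one coupling level upstream of it, and emits identifiers, roles and couplings. The MAC addresses, OUI table, flows and role names are all constructed sample values.

```python
from collections import defaultdict

# Constructed vendor/model data store keyed by MAC OUI (hypothetical values)
VENDOR_STORE = {
    "aa:bb:01": ("CamCo", "IPCam-2"),
    "aa:bb:02": ("RecordCo", "NVR-8"),
    "aa:bb:03": ("PCCo", "Workstation"),
}

# Constructed flow metadata taken from headers only (no payloads):
# (src_mac, dst_mac, protocol, dst_port, size_bytes)
FLOWS = [
    ("aa:bb:02:00:00:10", "aa:bb:01:00:00:01", "tcp", 554, 1400),  # recorder pulls stream from cam1
    ("aa:bb:02:00:00:10", "aa:bb:01:00:00:02", "tcp", 554, 1400),  # recorder pulls stream from cam2
    ("aa:bb:03:00:00:20", "aa:bb:02:00:00:10", "tcp", 554, 900),   # workstation 1 views via recorder
    ("aa:bb:03:00:00:21", "aa:bb:02:00:00:10", "tcp", 554, 900),   # workstation 2 views via recorder
    ("aa:bb:03:00:00:20", "aa:bb:03:00:00:21", "tcp", 445, 600),   # unrelated file-share traffic
]

def vendor_model(mac):
    """Claim 1: vendor/model retrieved from a data store, keyed by the OUI prefix."""
    return VENDOR_STORE.get(mac[:8].lower(), ("unknown", "unknown"))

def identify_network_system(flows, port, min_served=2):
    """Claims 2 and 4: the first device is the one serving `port` to at least
    `min_served` other devices; level-1 devices are those the first device
    itself contacts on the same port (one coupling level upstream)."""
    served = defaultdict(set)    # server -> devices it serves on `port`
    upstream = defaultdict(set)  # client -> servers it contacts on `port`
    for src, dst, _proto, dport, _size in flows:
        if dport == port:
            served[dst].add(src)
            upstream[src].add(dst)
    candidates = [d for d, s in served.items() if len(s) >= min_served]
    if not candidates:
        return None
    first = max(candidates, key=lambda d: len(served[d]))
    level1 = upstream[first] - {first}
    return {"first": first, "level1": level1, "served": served[first] - level1}

def generate_system_map(flows, port, system_type, roles):
    """Claim 1: one entry per member device (identifier, role, vendor, model)
    plus the couplings between members; `roles` = (first-device role, level-1 role)."""
    system = identify_network_system(flows, port)
    if system is None:
        return None
    members = {system["first"]: roles[0]}
    members.update({d: roles[1] for d in system["level1"]})
    devices = {m: {"role": r, "vendor": vendor_model(m)[0], "model": vendor_model(m)[1]}
               for m, r in members.items()}
    couplings = sorted((system["first"], d) for d in system["level1"])
    return {"type": system_type, "name": f"{system_type}-{system['first'][-5:]}",
            "devices": devices, "couplings": couplings, "serves": sorted(system["served"])}
```

Because only header metadata is used, a device that merely generates unrelated traffic (the port 445 flow above) never enters the map, and a service with fewer than `min_served` consumers is not treated as a dedicated network system.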
CPC classification titles:
- by filtering
- Discovery or management thereof, e.g. service location protocol [SLP] or web services
- Discovery or management of network topologies
- for graphical visualisation of monitoring data
- by monitoring network traffic (monitoring network traffic per se H04L43/00)