System and method for tracking domain names for the purposes of network management

1 . A method, comprising: intercepting a first data packet being transmitted from a domain name system (DNS) server to a first client device, the first data packet being a DNS response; extracting a first internet protocol (IP) address and a first hostname from the first data packet; and storing the first IP address and the first hostname in a first entry of an identification table. 2 . The method of claim 1 , further comprising: intercepting a second data packet being transmitted from a content server to a second client device; extracting the first IP address from a header of the second data packet; determining a characteristic of the second data packet; and updating the first entry of the identification table with the determined characteristic. 3 . The method of claim 2 , wherein the determined characteristic is an amount of bytes in the second data packet, a timestamp of the second data packet, or a combination thereof. 4 . The method of claim 3 , further comprising: pruning the first entry from the identification table based on the determined characteristic when the identification table exceeds a predetermined size. 5 . The method of claim 1 , further comprising: intercepting a second data packet being transmitted from a content server to a second client device; extracting a second IP address from a header of the second data packet; identifying a characteristic associated with the second IP address by accessing a second entry in the identification table; and managing a data flow including the second data packet based on the characteristic associated with the second IP address. 6 . The method of claim 5 , wherein managing the data flow includes causing the data flow to be transferred to the second user device over surplus network capacity of a network. 7 . The method of claim 5 , wherein a payload of the second data is encrypted, and wherein the second IP address is extracted from the header without performing decryption. 8 . The method of claim 5 , wherein the characteristic associated with the second IP address is a hostname associated with the second IP address, an amount of transferred bytes associated with the second IP address, a timestamp associated with the second IP address, or a combination thereof. 9 . The method of claim 1 , wherein extracting the IP address and the hostname from the first data packet includes reading the IP address and the hostname from resource records (RRs) in the DNS response. 10 . The method of claim 8 , wherein reading the IP address and the hostname from RRs in the DNS response includes reading the IP address in an ‘RDATA’ field of the DNS response and reading the hostname in a ‘NAME’ field of the DNS response. 11 . The method of claim 1 , wherein the identification table is a hash table. 12 . A system, comprising: a processor; and a memory storing program commands that, when executed by the processor, cause the first processor to: intercept a first data packet being transmitted from a domain name system (DNS) server to a first client device, the first data packet being a DNS response; extract a first internet protocol (IP) address and a first hostname from the first data packet; and store the first IP address and the first hostname in a first entry of an identification table. 13 . The system of claim 12 , wherein the program commands, when executed by the processor, further cause the processor to: intercept a second data packet being transmitted from a content server to a second client device; extract the first IP address from a header of the second data packet; determine a characteristic of the second data packet; and update the first entry of the identification table with the determined characteristic. 14 . The system of claim 12 , wherein the program commands, when executed by the processor, further cause the processor to: intercept a second data packet being transmitted from a content server to a second client device; extract a second IP address from a header of the second data packet; identify a characteristic associated with the second IP address by accessing a second entry in the identification table; and manage a data flow including the second data packet based on the characteristic associated with the second IP address. 15 . The system of claim 12 , wherein the processor extracts the IP address and the hostname from the first data packet by reading the IP address and the hostname from resource records (RRs) in the DNS response. 16 . The system of claim 15 , wherein reading the IP address and the hostname from RRs in the DNS response includes reading the IP address in an ‘RDATA’ field of the DNS response and reading the hostname in a ‘NAME’ field of the DNS response. 17 . A system, comprising: a domain name system (DNS) spy including a first processor and a first memory, the first memory storing program commands that, when executed by the first processor, cause the first processor to: extract a plurality of internet protocol (IP) addresses and a plurality of hostnames from a plurality of first data packets, respectively, each of the first data packets being a DNS response; and store the plurality of IP addresses and the plurality of hostnames in a plurality of entries of an identification table, the identification table being indexed by the plurality of IP addresses; and a transport manager including a second processor and a second memory, the second memory storing program commands that, when executed by the second processor, cause the second processor to: extract a second IP address from a header of a non-DNS packet; determine a second hostname corresponding to the second IP address by accessing reading one of the plurality of entries including the second IP address; and manage a data flow based on the second hostname, the data flow including the second packet.