Network traffic monitoring based on geolocation information

    Publication number: US11539631B2

    Publication date: 2022-12-27

    Application number: US16915321

    Application date: 2020-06-29

    Inventor: Sheeja J S

    Abstract: A network monitoring device may receive, from a mediation device, flow-tap geolocation information that identifies a geographical location (e.g., that is derived based on current and/or previous flow-tap investigation reports) and may obtain, from a geographical Internet protocol (GeoIP) database and based on the flow-tap geolocation information, a plurality of Internet protocol (IP) addresses that are associated with the geographical location. The network device may map the plurality of IP addresses to a flow-tap content destination address of a content destination device in a plurality of entries of a flow-tap geolocation filter. The network device may detect, based on the flow-tap geolocation filter, a traffic flow that is associated with the geographical location, may generate a traffic flow copy, and may provide the traffic flow copy to the flow-tap content destination address, wherein the traffic flow copy is to be accessible to the content destination to enable a context analysis of the traffic flow.

    NETWORK TRAFFIC MONITORING BASED ON GEOLOCATION INFORMATION

    Publication number: US20210352019A1

    Publication date: 2021-11-11

    Application number: US16915321

    Application date: 2020-06-29

    Inventor: Sheeja J S

    Abstract: A network monitoring device may receive, from a mediation device, flow-tap geolocation information that identifies a geographical location (e.g., that is derived based on current and/or previous flow-tap investigation reports) and may obtain, from a geographical Internet protocol (GeoIP) database and based on the flow-tap geolocation information, a plurality of Internet protocol (IP) addresses that are associated with the geographical location. The network device may map the plurality of IP addresses to a flow-tap content destination address of a content destination device in a plurality of entries of a flow-tap geolocation filter. The network device may detect, based on the flow-tap geolocation filter, a traffic flow that is associated with the geographical location, may generate a traffic flow copy, and may provide the traffic flow copy to the flow-tap content destination address, wherein the traffic flow copy is to be accessible to the content destination to enable a context analysis of the traffic flow.

    LAWFULLY INTERCEPTING TRAFFIC AND PROVIDING THE TRAFFIC TO A CONTENT DESTINATION BASED ON CHAINED TRAFFIC TAPPING

    Publication number: US20210289004A1

    Publication date: 2021-09-16

    Application number: US16819996

    Application date: 2020-03-16

    Inventor: Sheeja J S

    Abstract: A network device may receive a request, to install a filter, that includes information identifying a first source address, a first destination address, a content destination device, and a tapping level indicator. The network device may create an additional filter, based on the tapping level indicator, by setting the first destination address as a second source address, determining a third destination address that is a destination for the second source address, and setting the third destination address as a third source address. The network device may add the filter and the additional filter to a list of filters, and may receive, from source devices, packets destined for destination devices. The network device may generate a copy of a packet, and may determine that the copy of the packet matches the filter or the additional filter. The network device may forward the copy of the packet to the content destination device.

    LAWFULLY INTERCEPTING TRAFFIC FOR ANALYSIS BASED ON AN APPLICATION IDENTIFIER OR A UNIFORM RESOURCE LOCATOR (URL) ASSOCIATED WITH THE TRAFFIC

    Publication number: US20210067564A1

    Publication date: 2021-03-04

    Application number: US16555195

    Application date: 2019-08-29

    Inventor: Sheeja J S

    Abstract: A network device may receive a request to install a filter associated with an application identifier or a uniform resource locator (URL), and may add, based on the request, information identifying the filter to a list of filters associated with the network device. The network device may receive a packet destined for an endpoint device, may generate a copy of the packet, and may cause the packet to be forwarded to the endpoint device. The network device may perform deep packet inspection of the copy to identify a packet application identifier or a packet URL, and may determine whether the packet application identifier or the packet URL matches the application identifier or the URL. The network device may cause the copy of the packet to be forwarded to a content destination device when the packet application identifier or the packet URL matches the application identifier or the URL.

    Network traffic monitoring based on content data

    Publication number: US12289349B2

    Publication date: 2025-04-29

    Application number: US18500351

    Application date: 2023-11-02

    Inventor: Sheeja J S

    Abstract: A network monitoring device may receive, from a mediation device, flow-tap content data (generated by the mediation device based on current and/or previous investigation reports associated with flow tapping) that needs to be monitored. The network monitoring device may map the content data to a flow-tap content destination address of a content destination device in an entry of a flow-tap content filter. The network monitoring device may analyze, using the flow-tap content filter, network traffic of the network to detect a traffic flow that includes the content data. The network monitoring device may generate, based on successfully detecting a traffic flow that includes the content data, a traffic flow copy and may provide the traffic flow copy to the flow-tap content destination address, wherein the traffic flow copy is to be accessible to the content destination device to enable a context analysis of the content data.

    Network traffic monitoring or storage using a signed uniform resource locator

    Publication number: US11245599B2

    Publication date: 2022-02-08

    Application number: US16912930

    Application date: 2020-06-26

    Inventor: Sheeja J S

    Abstract: A network monitoring device may receive flow-tap information that identifies a traffic flow characteristic and a signed URL associated with a signed URL platform from a mediation device. The network device may map the traffic flow characteristic to the signed URL in an entry of a flow-tap filter that is maintained within a data structure of the network device. The network device may analyze, using the flow-tap filter, network traffic of the network to detect a traffic flow that is associated with the traffic flow characteristic. The network device may generate, based on detecting the traffic flow in the network traffic, a traffic flow copy that is associated with the traffic flow. The network device may provide, based on the signed URL, the traffic flow copy to the signed URL platform, wherein the traffic flow copy is to be accessible to an authorized user device via the signed URL.

    NETWORK TRAFFIC MONITORING BASED ON CONTENT DATA

    Publication number: US20210351996A1

    Publication date: 2021-11-11

    Application number: US16915285

    Application date: 2020-06-29

    Inventor: Sheeja J S

    Abstract: A network monitoring device may receive, from a mediation device, flow-tap content data (generated by the mediation device based on current and/or previous investigation reports associated with flow tapping) that needs to be monitored. The network monitoring device may map the content data to a flow-tap content destination address of a content destination device in an entry of a flow-tap content filter. The network monitoring device may analyze, using the flow-tap content filter, network traffic of the network to detect a traffic flow that includes the content data. The network monitoring device may generate, based on successfully detecting a traffic flow that includes the content data, a traffic flow copy and may provide the traffic flow copy to the flow-tap content destination address, wherein the traffic flow copy is to be accessible to the content destination device to enable a context analysis of the content data.

    Providing subscriber aware network address filtering using an open configuration remote procedure call framework

    Publication number: US12120093B1

    Publication date: 2024-10-15

    Application number: US18189552

    Application date: 2023-03-24

    Inventor: Sheeja J S

    CPC classification number: H04L63/0236 H04L63/101 H04W8/20

    Abstract: A network device may provide a request for blacklists specific to respective subscribers. The network device may receive a first blacklist of network addresses associated with a first subscriber and a second blacklist of network addresses associated with a second subscriber. The network device may receive first traffic associated with a first network address and destined for the first subscriber, and may determine whether the first network address is included in the first blacklist. The network device may prevent the first traffic from being provided to the first subscriber when the network address is included in the first blacklist, or may allow the first traffic to be provided to the first subscriber when the network address is not included in the first blacklist.

    NETWORK TRAFFIC MONITORING OR STORAGE USING A SIGNED UNIFORM RESOURCE LOCATOR

    Publication number: US20220150140A1

    Publication date: 2022-05-12

    Application number: US17584652

    Application date: 2022-01-26

    Inventor: Sheeja J S

    Abstract: A network monitoring device may receive flow-tap information that identifies a traffic flow characteristic and a signed URL associated with a signed URL platform from a mediation device. The network device may map the traffic flow characteristic to the signed URL in an entry of a flow-tap filter that is maintained within a data structure of the network device. The network device may analyze, using the flow-tap filter, network traffic of the network to detect a traffic flow that is associated with the traffic flow characteristic. The network device may generate, based on detecting the traffic flow in the network traffic, a traffic flow copy that is associated with the traffic flow. The network device may provide, based on the signed URL, the traffic flow copy to the signed URL platform, wherein the traffic flow copy is to be accessible to an authorized user device via the signed URL.
