公开(公告)号：US06954789B2

公开(公告)日：2005-10-11

申请号：US10684776

申请日：2003-10-14

申请人： Russell S. Dietz ,  Joseph R. Maixner ,  Andrew A. Koppenhaver ,  William H. Bares ,  Haig A. Sarkissian ,  James F. Torgerson

发明人： Russell S. Dietz ,  Joseph R. Maixner ,  Andrew A. Koppenhaver ,  William H. Bares ,  Haig A. Sarkissian ,  James F. Torgerson

IPC分类号： G06F13/00 ,  G06F17/30 ,  H04L12/24 ,  H04L12/26 ,  H04L12/56 ,  H04L29/06 ,  H04L29/14 ,  G06F15/173

CPC分类号： H04L41/50 ,  G06F17/30985 ,  H04L29/06 ,  H04L41/142 ,  H04L41/5009 ,  H04L43/026 ,  H04L43/06 ,  H04L43/0817 ,  H04L43/0847 ,  H04L43/0852 ,  H04L43/087 ,  H04L43/106 ,  H04L43/12 ,  H04L43/18 ,  H04L45/745 ,  H04L45/7453 ,  H04L47/2441 ,  H04L49/101 ,  H04L49/20 ,  H04L49/205 ,  H04L49/25 ,  H04L49/30 ,  H04L49/3009 ,  H04L49/35 ,  H04L69/16 ,  H04L69/161 ,  H04L69/18 ,  H04L69/22 ,  Y02D50/30

摘要： A monitor for and a method of examining packets passing through a connection point on a computer network. Each packets conforms to one or more protocols. The method includes receiving a packet from a packet acquisition device and performing one or more parsing/extraction operations on the packet to create a parser record comprising a function of selected portions of the packet. The parsing/extraction operations depend on one or more of the protocols to which the packet conforms. The method further includes looking up a flow-entry database containing flow-entries for previously encountered conversational flows. The lookup uses the selected packet portions and determining if the packet is of an existing flow. If the packet is of an existing flow, the method classifies the packet as belonging to the found existing flow, and if the packet is of a new flow, the method stores a new flow-entry for the new flow in the flow-entry database, including identifying information for future packets to be identified with the new flow-entry. For the packet of an existing flow, the method updates the flow-entry of the existing flow. Such updating may include storing one or more statistical measures. Any stage of a flow, state is maintained, and the method performs any state processing for an identified state to further the process of identifying the flow. The method thus examines each and every packet passing through the connection point in real time until the application program associated with the conversational flow is determined.

摘要翻译： 用于检查通过计算机网络上的连接点的分组的监视器和方法。 每个数据包符合一个或多个协议。 该方法包括从分组获取设备接收分组，并对分组执行一个或多个分析/提取操作，以创建包含分组的所选部分的功能的解析器记录。 解析/提取操作取决于数据包符合的一个或多个协议。 该方法还包括查找包含先前遇到的会话流的流入口的流入口数据库。 查找使用所选择的分组部分并确定分组是否是现有流。 如果分组是现有流，则该方法将分组归类为发现的现有流，并且如果分组是新流，则该方法在流入口数据库中存储用于新流的新流入口 ，包括识别要用新流入条目识别的未来数据包的信息。 对于现有流的数据包，该方法更新现有流的流入口。 这种更新可以包括存储一个或多个统计度量。 任何阶段的流程都保持状态，并且该方法对所识别的状态执行任何状态处理以进一步识别流程的过程。 因此，该方法实时检查通过连接点的每个分组，直到确定与会话流相关联的应用程序。

公开(公告)号：US06651099B1

公开(公告)日：2003-11-18

申请号：US09608237

申请日：2000-06-30

申请人： Russell S. Dietz ,  Joseph R. Maixner ,  Andrew A. Koppenhaver ,  William H. Bares ,  Haig A. Sarkissian ,  James F. Torgerson

发明人： Russell S. Dietz ,  Joseph R. Maixner ,  Andrew A. Koppenhaver ,  William H. Bares ,  Haig A. Sarkissian ,  James F. Torgerson

IPC分类号： G06F1300

CPC分类号： H04L41/50 ,  G06F17/30985 ,  H04L29/06 ,  H04L41/142 ,  H04L41/5009 ,  H04L43/026 ,  H04L43/06 ,  H04L43/0817 ,  H04L43/0847 ,  H04L43/0852 ,  H04L43/087 ,  H04L43/106 ,  H04L43/12 ,  H04L43/18 ,  H04L45/745 ,  H04L45/7453 ,  H04L47/2441 ,  H04L49/101 ,  H04L49/20 ,  H04L49/205 ,  H04L49/25 ,  H04L49/30 ,  H04L49/3009 ,  H04L49/35 ,  H04L69/16 ,  H04L69/161 ,  H04L69/18 ,  H04L69/22 ,  Y02D50/30

摘要： A monitor for and a method of examining packets passing through a connection point on a computer network. Each packets conforms to one or more protocols. The method includes receiving a packet from a packet acquisition device and performing one or more parsing/extraction operations on the packet to create a parser record comprising a function of selected portions of the packet. The parsing/extraction operations depend on one or more of the protocols to which the packet conforms. The method further includes looking up a flow-entry database containing flow-entries for previously encountered conversational flows. The lookup uses the selected packet portions and determining if the packet is of an existing flow. If the packet is of an existing flow, the method classifies the packet as belonging to the found existing flow, and if the packet is of a new flow, the method stores a new flow-entry for the new flow in the flow-entry database, including identifying information for future packets to be identified with the new flow-entry. For the packet of an existing flow, the method updates the flow-entry of the existing flow. Such updating may include storing one or more statistical measures. Any stage of a flow, state is maintained, and the method performs any state processing for an identified state to further the process of identifying the flow. The method thus examines each and every packet passing through the connection point in real time until the application program associated with the conversational flow is determined.

摘要翻译： 用于检查通过计算机网络上的连接点的分组的监视器和方法。 每个数据包符合一个或多个协议。 该方法包括从分组获取设备接收分组，并对分组执行一个或多个分析/提取操作，以创建包含分组的所选部分的功能的解析器记录。 解析/提取操作取决于数据包符合的一个或多个协议。 该方法还包括查找包含先前遇到的会话流的流入口的流入口数据库。 查找使用所选择的分组部分并确定分组是否是现有流。 如果分组是现有流，则该方法将分组归类为发现的现有流，并且如果分组是新流，则该方法在流入口数据库中存储用于新流的新流入口 ，包括识别要用新流入条目识别的未来数据包的信息。 对于现有流的数据包，该方法更新现有流的流入口。 这种更新可以包括存储一个或多个统计度量。 任何阶段的流程都保持状态，并且该方法对所识别的状态执行任何状态处理以进一步识别流程的过程。 因此，该方法实时检查通过连接点的每个分组，直到确定与会话流相关联的应用程序。

公开(公告)号：US06172990B2

公开(公告)日：2001-01-09

申请号：US08968551

申请日：1997-11-12

申请人： Alak K. Deb ,  Namakkal S. Sambamurthy ,  William H. Bares

发明人： Alak K. Deb ,  Namakkal S. Sambamurthy ,  William H. Bares

IPC分类号： H04J316

CPC分类号： H04L29/06 ,  H04L69/12 ,  H04L2012/5652 ,  H04L2012/5667

摘要： Disclosed are methods and apparatus for processing packet data received from a physical layer. The processing is performed in-line while streaming packets to an upper layer. The method includes loading an instruction set for custom programming the processing of packet data received from the physical layer. Determining a type of packet data received from the physical layer. Identifying a first word location in the packet data based on the contents of the instruction set. Examining the packet data received from the physical layer at the first identified word location. The method further includes storing an element indicative of information contained in the first identified word location into a data structure, and appending the data structure to the packet data before the packet is streamed to the upper layer. The methods and apparatus also have direct applicability to reducing a CPU's work load during transmissions of data over a network.

摘要翻译： 公开了用于处理从物理层接收的分组数据的方法和装置。 在将数据包传输到上层的同时进行在线执行。 该方法包括加载用于定制编程的指令集处理从物理层接收的分组数据。 确定从物理层接收的分组数据的类型。 基于指令集的内容识别分组数据中的第一个字位置。 检查在第一个识别的单词位置从物理层接收的分组数据。 该方法还包括将指示包含在第一识别字位置中的信息的元素存储到数据结构中，以及在将数据包流传输到上层之前将数据结构附加到分组数据。 这些方法和装置也可以直接适用于通过网络传输数据时减少CPU的工作负载。