Title of invention System and method for real-time analysis of network traffic
Abstract A mirrored live-data flow of the live-data flow passing through a selected point within a network is monitored at a first processing node. The live-data flow comprises data that is in active transmission between endpoints in the network and prior to exit from the network and onward storage of the data in a database. Each packet within the mirrored data flow is decoded at the first processing node according to each protocol associated with a packet. Packets having a plurality of protocols associated therewith are decoded in parallel with each other. Each of the decoded packets are compared at the first processing node to a set of predetermined or deduced conditions. A predetermined or deduced response is executed based upon detection of a predetermined or deduced condition within the decoded packets. At least a portion of the decoded packets of the live-data flow causing execution of the predetermined or deduced response are processed at a second processing node to determine a manner for controlling an operation of the network at a same time the live-data flow is in active transmission between the endpoints in the network. The operation of the network is controlled in response to the processing step.
Publication number US9369366(B2) Publication date 2016.06.14
Application number US201514962660 Filing date 2015.12.08
Applicant Network Kinetix, LLC Inventors Richards Carissa;Quoc Myvan;Ramachandran Hariharan
Classification H04L12/26;H04L12/24;H04L12/801 Main classification H04L12/26
Agency Howison & Arnott, LLP Agent Howison & Arnott, LLP
Principal claim 1. A method for monitoring live-data flow through a network, comprising: monitoring, at a first processing node, a mirrored live-data flow of the live-data flow passing through at least one selected point within the network in a non-intrusive manner that does not affect the live-data flow passing through the at least one selected point, wherein the live-data flow comprises a plurality of simultaneous live-data flows that are in active transmission between endpoints in the network and prior to onward storage of the data in a database; decoding, at the first processing node, data within the mirrored data flow according to each protocol associated with the data, wherein the data has a plurality of protocols associated therewith, and the data is decoded in parallel according to each of the plurality of protocols; comparing, at the first processing node, the decoded data to at least one of a set of predetermined or deduced conditions defined by at least one of a plurality of applications implemented on a second processing node; executing at least one of a predetermined or deduced response including an indication of occurrence of the at least one predetermined or deduced condition based upon detection of the at least one predetermined or deduced condition within the decoded data; forwarding from the first processing node to a second processing node data from at least one of the plurality of simultaneous live-data flows based upon occurrence of the at least one predetermined or deduced condition defined by at least one of a plurality of applications implemented on the second processing node within the at least one of the plurality of simultaneous live-data flows; processing, at the second processing node, at least a portion of the decoded data forwarded from the first processing node using at least one of the plurality of applications implemented on the second processing node, the processing of the decoded data by the at least one of the plurality of applications causing execution of the at least one predetermined or deduced response to determine a manner for controlling an operation of the network at a same time the live-data flow is in active transmission between the endpoints in the network; and controlling the operation of the network in response to the processing step while events associated with the live-data flow are occurring within the network.
Address Austin TX US