Selective deep packet inspection

摘要

Methods, systems, and computer program products for packet inspection are provided herein. The method includes the steps of receiving a first packet of a stream of packets and processing the first packet using a slow processing path. The method also includes the steps of examining a network layer or transport layer of the first packet to determine whether a protocol used by the stream of packets is relevant, and transferring subsequent packets in the stream to a fast processing path if the protocol used is not relevant. The method further includes the steps of examining an application layer of a pre-determined number of packets subsequent to the first packet to determine whether a Uniform Resource Locator (URL) field of each of the pre-determined number of packets is relevant, and transferring packets subsequent to the pre-determined number of packets to a fast processing path if the URLs are not relevant.

主权项

1. A method for selective packet inspection, comprising:
receiving a first packet of a stream of packets; processing the first packet using a first processing path; examining the first packet to determine whether a protocol used by the stream of packets is relevant to deep packet inspect and to data mine the first packet for relevant data; transferring subsequent packets in the stream of packets to a second processing path if the protocol used by the stream of packets is not relevant, the second processing path processing a subsequent packet of the subsequent packets in less time than the first processing path; examining headers of a pre-determined number of packets, subsequent to the first packet, of the stream of packets to determine whether a destination of the pre-determined number of packets is relevant; and transferring packets in the stream of packets subsequent to the pre-determined number of packets to the second processing path if the destination of the pre-determined number of packets is not relevant.