| 发明名称 | Trigger based recording of flows with play back | ||
| 摘要 | The various embodiments provide selective real-time monitoring of one or more flows of packets over a network, real-time buffering of packets for the one or more monitored flows, real-time recording of packets for one or more monitored flows and its corresponding buffered packets based on initiation of at least one trigger, and real-time analysis of the one or more recorded flows of packets regarding at least the occurrence of the at least one trigger. One or more flows of packets may be selected for monitoring by an administrator or an automated process based on different factors. In at least one of the various embodiments, the one or more monitored flows of packets are tagged and threaded so that they are separately accessible in a ring buffer. | ||
| 申请公布号 | US9191288(B2) | 申请公布日期 | 2015.11.17 |
| 申请号 | US201414518996 | 申请日期 | 2014.10.20 |
| 申请人 | ExtraHop Networks, Inc. | 发明人 | Rothstein Jesse Abraham;Seguin Kevin Michael |
| 分类号 | H04L12/26;H04L12/70;H04L12/861 | 主分类号 | H04L12/26 |
| 代理机构 | Lowe Graham Jones PLLC | 代理人 | Branch John W.;Lowe Graham Jones PLLC |
| 主权项 | 1. A method for improving the monitoring of flows of packets over a network, wherein a network computer performs the method by executing actions, comprising: selecting one or more of a plurality of flows for passive monitoring in real time over a network, wherein one or more other flows are related to the selected one or more flows; providing one or more triggers that is initiated in real time by one or more conditions that are associated with the one or more selected flows, wherein the one or more other flows are unassociated with the one or more conditions; buffering in real time the one or more selected flows in a buffer, wherein each selected flow is arranged as a thread in the buffer; when one of the plurality of selected flows dominates a capacity of the buffer, executing one or more actions including: modifying the real-time buffering of the dominant selected flow to reduce an amount of corresponding packets buffered in the buffer; orinstantiating a new buffer to separately buffer in real time the dominant selected flow; and when the one or more conditions occurs and initiates the one ormore triggers, recording in real time each packet for the one or more selected flows that is associated with the one or more conditions and each packet for the one or more other flows, wherein each buffered packet for the one or more selected flows is recorded in real time along with the selected flow's packets and each packet for the one or more other flows that are received after the initiation of the one or more triggers. | ||
| 地址 | Seattle WA US | ||