| 发明名称 | System and method for capturing network traffic | ||
| 摘要 | In certain embodiments, a method includes receiving, by a capture device, traffic flows transmitted by a plurality of client devices, each of the traffic flows being associated with one of the plurality of client devices and comprising encrypted data. The method further includes receiving, by the capture device, flow information communicated from a proxy server communicatively coupled to the capture device, the flow information comprising an identification of a particular traffic flow and a session key associated with the particular traffic flow. The method further includes storing, by the capture device, encrypted data of the particular traffic flow identified by the flow information supplied by the proxy server; storing, by the capture device, the session key associated with the particular traffic flow; and discarding, by the capture device, any of the plurality of received traffic flows not identified in the flow information received from the proxy server. | ||
| 申请公布号 | US8813189(B2) | 申请公布日期 | 2014.08.19 |
| 申请号 | US201113299773 | 申请日期 | 2011.11.18 |
| 申请人 | Blue Coat Systems, Inc. | 发明人 | Li Qing;Frederick Ronald Andrew |
| 分类号 | G06F21/00 | 主分类号 | G06F21/00 |
| 代理机构 | Baker Botts L.L.P. | 代理人 | Baker Botts L.L.P. |
| 主权项 | 1. A method comprising: establishing, by a proxy server, a communications session between each of a plurality of client devices and the proxy server; receiving, at the proxy server, a session key from each of the plurality of client devices; selecting, by the proxy server, a particular traffic flow associated with a particular client device, the particular traffic flow selected from a plurality of traffic flows, each of the plurality of traffic flows being associated with one of the plurality of client devices and comprising encrypted data; and communicating, by the proxy server, flow information to a first capture device communicatively coupled to the proxy server, the flow information comprising the session key received from the particular client device and an identification of the particular traffic flow; wherein: the first capture device is configured to: receive the plurality of traffic flows from the particular client device;store the encrypted data of the particular traffic flow selected by the proxy server;store the session key received in the flow information from the proxy server;discard any of the plurality of received traffic flows not identified in the flow information received from the proxy server;utilize the session key to decrypt encrypted data of traffic flows; andexport the decrypted data to a network analyzer for analysis; andthe proxy server and the first capture device are communicatively coupled to the particular client device through separate connections. | ||
| 地址 | Sunnyvale CA US | ||