System, apparatus, and method for modifying captured data packets

摘要

Systems, apparatus, and methods for modifying a captured data packet included in a traffic flow of captured data packets are described. A captured data packet may be analyzed in order to, for example, locate a predefined segment of data included in the received captured data packet, determine a type of data included in the data packet, and determine content included in the data packet. The data packet may then be modified based upon the analysis. Exemplary modifications include deleting a portion of the data included in the data packet, truncating the data packet, and modifying data included in the predefined segment.

主权项

1. A method comprising:
receiving, at a network captured traffic distribution device, a traffic flow of captured data packets wherein the data packets are received via at least one of a minor port resident on a source of the captured data packets and a traffic capture point located along a communication link between two communicating devices, further wherein the network traffic distribution device includes a plurality of ingress and egress ports; determining, by the network captured traffic distribution device, a time of arrival of a data packet included in the traffic flow of captured data packets at the network captured traffic distribution device; analyzing, by the network captured traffic distribution device, a received data packet to locate a predefined segment of data included in the received data packet; modifying, by the network captured traffic distribution device, the predefined segment of data; generating, by the network captured traffic distribution device, a time stamp value based on the determination of the time of arrival, wherein generating the time stamp value includes receiving a value from a first counter, receiving a value from a second counter and combining the values from the first and second counters; inserting a port stamp and the generated time stamp value into the data packet, wherein the port stamp is a segment of data that indicates an ingress port identity associated with the data packet received by the network captured traffic distribution device; calculating a frame check sequence (FCS) to indicate the port stamp and the time stamp value have been added to the data packet; incorporating the calculated frame check sequence (FCS) into the data packet; determining, by the network captured distribution device, an egress port assigned to the data packet including a modified predefined segment; transmitting, by the network captured distribution device, the data packet including the modified predefined segment, the generated time stamp value, the port stamp and the frame check sequence (FCS) to the assigned egress port; and wherein the egress port is configured within the network captured distribution device and wherein the egress port is a monitor port for connecting to an external device.