Patent application number | Description | Published |
20090116398 | SYSTEMS AND METHODS FOR FLOW MONITORING - A network device may include logic configured to receive a packet from a packet forwarding engine, create a flow ID for the packet, determine whether the flow ID matches one of a plurality of flow IDs in a table, determine whether the packet is associated with a flow to be sampled, sample the packet and additional packets associated with the flow that are received from the packet forwarding engine when the flow is to be sampled and transmit the flow ID and the sampled packets via a switch to an interface. | 05-07-2009 |
20100226373 | TRACKING FRAGMENTED DATA FLOWS - A device may receive a fragment of a fragmented data unit, determine a flow identifier that identifies a data flow with which the fragment is associated, and create a flow entry, based on the flow identifier, to store information associated with the data flow. The device may also determine a fragment key associated with the fragment, store a pointer to the flow entry based on the fragment key, correlate the fragment and another fragment, associated with the data flow, based on the fragment key and the pointer to the flow entry, and accumulate statistics associated with the fragment and the other fragment after correlating the fragment and the other fragment. | 09-09-2010 |
20110013636 | TRACKING FRAGMENTED DATA FLOWS - A device may receive a fragment of a fragmented data unit, determine a flow identifier that identifies a data flow with which the fragment is associated, and create a flow entry, based on the flow identifier, to store information associated with the data flow. The device may also determine a fragment key associated with the fragment, store a pointer to the flow entry based on the fragment key, correlate the fragment and another fragment, associated with the data flow, based on the fragment key and the pointer to the flow entry, and accumulate statistics associated with the fragment and the other fragment after correlating the fragment and the other fragment. | 01-20-2011 |
20110206049 | TARGETED FLOW SAMPLING - A device may include two or more line interfaces. One of the line interfaces may include a component to buffer a packet that is received at the line interface, perform a lookup of information related to selecting a flow based on a header of the packet, apply a symmetric hash function to addresses in the header to obtain a hash when the information related to selecting the flow indicates the flow is to be selected based on a random method, compare the hash to a particular number using the information related to selecting the flow, the particular number being same for the line interfaces, sample a flow when the hash matches the particular number, create a flow record for the flow, and sample packets based on the flow record. | 08-25-2011 |
20110255408 | TRAFFIC ANALYSIS OF DATA FLOWS - A device includes a memory, flow table logic, sampling logic, and a processing unit. The memory is configured to store a flow table that stores, as a number of entries, statistics regarding a number of data flows. The flow table logic is configured to generate records corresponding to data flows for which entries are created in the flow table or removed from the flow table. The sampling logic is configured to select one of the data flows for sampling and sample initial data units for the one of the data flows. The processing unit is configured to receive the records generated by the flow table logic, receive the initial data units sampled by the sampling logic, analyze the initial data units to generate analysis results, correlate the records and the analysis results associated with a same one of the data flows, and store the correlated records and analysis results. | 10-20-2011 |
20120207024 | NETWORK TRAFFIC ANALYSIS USING A FLOW TABLE - A device may receive a data unit at a line interface of a network device, convey the data unit to a first component in the line interface, update a flow table in the first component based on the data unit, send a message to a second component in the network device, the message describing the update to the flow table, and forward the data unit from the first component to another line interface in the network device. | 08-16-2012 |
20130013598 | MANAGING A FLOW TABLE - A device may include a flow table to store, in flow table records, statistics associated with a number of data flows, and a flow type table to store, in flow type table records, information that indicates whether to store statistics in the flow table for each of a number of types of data flows, information that indicates a manner for sampling data units associated with the data flows, and/or information that indicates when to delete flow table records from the flow table. | 01-10-2013 |
20140304813 | DISTRIBUTED NETWORK ANOMALY DETECTION - A network device may include multiple interfaces, each including a local database to store, in a first group of local records, information associated with a first group of data units sent from or received by a first one of the group of interfaces; a global database to store, in a group of global records, information associated with the first group of data units and information associated with a second group of data units sent from or received by a second one of said group of interfaces. The device may include a processor, to manage the local database and the global database; broadcast at least one of the local records to the second one of the group of interfaces; and analyze each of the local records to identify potential anomalies in the first group of data units. | 10-09-2014 |