A high speed intelligent network recorder for recording a plurality of flows of network data packets into and out of a computer network over a relevant data time window is disclosed. The high speed intelligent network recorder includes a printed circuit board; a high speed network switching device mounted to the printed circuit board; and an X column by Y row array of a plurality of intelligent hard drives with micro-computers mounted to the printed circuit board and coupled in parallel with the high speed network switching device.
A method for network recording is disclosed. In one embodiment, the method includes the following: receiving a plurality of incoming packets, wherein each incoming packet belongs to a conversation flow; forming a capture stream of packet records for the incoming packets; and performing intelligent load balancing on the capture stream of packet records, the load balancing including reading the metadata for each packet record, determining a packet record is part of either a hot flow or a cold flow, selecting a destination node for each packet record based on the flow hash, and steering the packet record to one of a plurality of encapsulation buffers based on the destination node, wherein a cold flow tends to be maintained in a flow coherency at a node. The method may further include operations that include querying and back-testing in order to enable distributed analytics by using low cost, low bandwidth nodes.
H04L 43/106 - Active monitoring, e.g. heartbeat, Ping utility or trace-route, using time-related information in packets, e.g. by adding timestamps
H04L 43/026 - Capturing of monitoring data using flow identification
2.
Network recorders with computer data packet truncation
In one embodiment, a network recorder includes a storage device; a motherboard; and daughter-cards. Each of the daughter-cards includes an input port, a packet analyzer, an entropy calculator, a comparator, and a processor. The input port receives a plurality of computer data packets. The packet analyzer identifies header fields and a starting point of the payload data in the plurality of computer data packets. The entropy calculator examines the payload data of the plurality of the computer data packets to respectively generate an entropy estimate for each of the plurality of computer data packets. The comparator compares each entropy estimate with an entropy truncation threshold to generate an entropy exceed signal to indicate that the payload data of a computer data packet can be truncated to conserve storage space. The processor compresses at least some of the payload data of the plurality of computer data packets that are not truncated.
H04L 47/36 - Flow control; Congestion control by determining packet size, e.g. maximum transfer unit [MTU]
H04L 69/04 - Protocols for data compression, e.g. ROHC
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. quality of service [QoS], energy consumption or environmental parameters
H04L 41/142 - Network analysis or design using statistical or mathematical methods
A netflow generator appliance is provided. The netflow generator appliance is configured to perform operations, including receiving a plurality of netflow records at a netflow generator appliance, each netflow record including at least a hash tag; converting a first hash tag of the first netflow record into a first percentage based on a load balancing function; based on the first percentage, storing the first netflow record in a first queue of data that are scheduled to be sent to a first netflow collector; converting a second hash tag of a second netflow record into a second percentage based on the load balancing function, wherein the second percentage differs from the first percentage; and based on the second percentage, storing the second netflow record in a second queue of data that are scheduled to be sent to a second netflow collector.
A small form-factor pluggable (SFP) time signal adapter module includes a printed circuit board, a cable connector mounted to the printed circuit board, and a differential receiver coupled to the cable connector, one or more of the plurality of wire traces, and an SFP edge connector. The printed circuit board has a plurality of wire traces and a plurality of pads of the SFP edge connector is at least coupled to two of the plurality of wire traces. The cable connector is coupled to at least one or more of the plurality of wire traces. The cable connector couples to a connector of a cable to receive a differential time reference signal. The differential receiver receives and differentiates the differential time input signal to generate a single ended time reference signal that is coupled to a pad of the SFP edge connector.
G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
A high speed intelligent network recorder for recording a plurality of flows of network data packets into and out of a computer network over a relevant data time window is disclosed. The high speed intelligent network recorder includes a printed circuit board; a high speed network switching device mounted to the printed circuit board; and an X column by Y row array of a plurality of intelligent hard drives with micro-computers mounted to the printed circuit board and coupled in parallel with the high speed network switching device.
H04L 43/106 - Active monitoring, e.g. heartbeat, Ping utility or trace-route, using time-related information in packets, e.g. by adding timestamps
H04L 43/026 - Capturing of monitoring data using flow identification
6.
Methods for intelligent load balancing and high speed intelligent network recorders
A high speed intelligent network recorder for recording a plurality of flows of network data packets into and out of a computer network over a relevant data time window is disclosed. The high speed intelligent network recorder includes a printed circuit board; a high speed network switching device mounted to the printed circuit board; and an X column by Y row array of a plurality of intelligent hard drives with micro-computers mounted to the printed circuit board and coupled in parallel with the high speed network switching device.
H04L 43/106 - Active monitoring, e.g. heartbeat, Ping utility or trace-route, using time-related information in packets, e.g. by adding timestamps
H04L 43/026 - Capturing of monitoring data using flow identification
7.
Network recorders with entropy and value based packet truncation
In one embodiment, a computer-implemented method of conserving storage space in a network recorder includes receiving a computer packet including a header and payload data; estimating entropy of the payload data in the computer packet; determining if storage of the computer packet is of value or not based on the header of the computer packet; and storing all or a portion of the computer packet into a storage device based on the estimated entropy and the value determination.
A computer-implemented method of distributing netflow records is disclosed. The method includes receiving a plurality of netflow records, each netflow record associated with a hash tag. The hash tag may include, for example, a random M-bit pattern of bits. The method filters the plurality of netflow records over a first hash tag range in response to the hash tag value and stores the first filtered netflow records in a first queue associated with a first netflow collector; filters the plurality of netflow records over a second hash tag range in response to the hash tag value and stores the second filtered netflow records in a second queue associated with a second netflow collector, wherein the second hash tag range differs from the first hash tag range; sends the first filtered netflow records from the first queue to the first netflow collector; and sends the second filtered netflow records from the second queue to the second netflow collector.
A small form-factor pluggable (SFP) time signal adapter module includes a printed circuit board, a cable connector mounted to the printed circuit board, and a differential receiver coupled to the cable connector, one or more of the plurality of wire traces, and an SFP edge connector. The printed circuit board has a plurality of wire traces and a plurality of pads of the SFP edge connector is at least coupled to two of the plurality of wire traces. The cable connector is coupled to at least one or more of the plurality of wire traces. The cable connector couples to a connector of a cable to receive a differential time reference signal. The differential receiver receives and differentiates the differential time input signal to generate a single ended time reference signal that is coupled to a pad of the SFP edge connector.
G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
H04L 29/06 - Communication control; Communication processing characterised by a protocol
10.
Methods for intelligent load balancing and high speed intelligent network recorders
A high speed intelligent network recorder for recording a plurality of flows of network data packets into and out of a computer network over a relevant data time window is disclosed. The high speed intelligent network recorder includes a printed circuit board; a high speed network switching device mounted to the printed circuit board; and an X column by Y row array of a plurality of intelligent hard drives with micro-computers mounted to the printed circuit board and coupled in parallel with the high speed network switching device.
H04L 43/106 - Active monitoring, e.g. heartbeat, Ping utility or trace-route, using time-related information in packets, e.g. by adding timestamps
H04L 43/026 - Capturing of monitoring data using flow identification
11.
Intelligent load balancing and high speed intelligent network recorders
A high speed intelligent network recorder for recording a plurality of flows of network data packets into and out of a computer network over a relevant data time window is disclosed. The high speed intelligent network recorder includes a printed circuit board; a high speed network switching device mounted to the printed circuit board; and an X column by Y row array of a plurality of intelligent hard drives with micro-computers mounted to the printed circuit board and coupled in parallel with the high speed network switching device.
A small form-factor pluggable (SFP) time signal adapter module includes a printed circuit board, a cable connector mounted to the printed circuit board, and a differential receiver coupled to the cable connector, one or more of the plurality of wire traces, and an SFP edge connector. The printed circuit board has a plurality of wire traces and a plurality of pads of the SFP edge connector is at least coupled to two of the plurality of wire traces. The cable connector is coupled to at least one or more of the plurality of wire traces. The cable connector couples to a connector of a cable to receive a differential time reference signal. The differential receiver receives and differentiates the differential time input signal to generate a single ended time reference signal that is coupled to a pad of the SFP edge connector.
G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
H04L 29/06 - Communication control; Communication processing characterised by a protocol
A computer-implemented method of distributing netflow records is disclosed. The method includes receiving a plurality of netflow records, each netflow record associated with a hash tag. The hash tag may include, for example, a random M-bit pattern of bits. The method filters the plurality of netflow records over a first hash tag range in response to the hash tag value and stores the first filtered netflow records in a first queue associated with a first netflow collector; filters the plurality of netflow records over a second hash tag range in response to the hash tag value and stores the second filtered netflow records in a second queue associated with a second netflow collector, wherein the second hash tag range differs from the first hash tag range; sends the first filtered netflow records from the first queue to the first netflow collector; and sends the second filtered netflow records from the second queue to the second netflow collector.