Some content of this application is unavailable at the moment.
If this situation persist, please contact us atFeedback&Contact
1. (WO2019006014) APPARATUS AND METHOD FOR CORRELATING NETWORK TRAFFIC FLOWS ON OPPOSITE SIDES OF A NETWORK ADDRESS TRANSLATOR
Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

In the claims:

1. A machine, comprising;

a processor; and

a memory connected to the processor, the memory storing instructions executed by the processor to:

evaluate internal packets from a first side of a network address translator with a first internet protocol address and a first port designation,

evaluate external packets from a second side of a network address translator with a second internet protocol address and a second port designation, wherein the first internet protocol address and the first port designation are different than the second internet protocol address and the second port designation,

identify within the internal packets and the external packets a session start packet match,

create a session entry with a session start time in response to the session start packet match,

identify within the internal packets and the external packets a session end match, and

record a session end time in response to the session end match.

2. The machine of claim 1 further comprising instructions executed by the processor to compute a session time based upon the session start time and the session end time.

3. The machine of claim 1 further comprising instructions executed by the processor to compute a session size.

4. The machine of claim 3 further comprising instructions executed by the processor to compute the session size based upon the difference between a transmission control protocol end sequence number and a transmission control protocol initial sequence number.

5. The machine of claim 3 further comprising instructions executed by the processor to compute the session size based upon a session time.

6. The machine of claim 1 wherein the instructions executed by the processor include instructions to identify the session start packet match based upon a hash match between an internal packet and an external packet.

7. The machine of claim 1 wherein the instructions executed by the processor include instructions to identify the session start packet match based upon an internal packet time stamp being within a time threshold of an external packet time stamp.

8. The machine of claim 1 wherein the instructions executed by the processor includes instructions to identify the session start packet match based upon same destination address and different source address on egress to the network address translator and different destination address and same source address on ingress from the network address translator.

9. A machine, comprising:

a processor, and

a memory connected to the processor, the memory storing instructions executed by the processor to:

classify packets as transmission control protocol signaling packets or transmission control protocol non-signaling packets,

omit from further processing the transmission control protocol non-signaling packets,

append to the transmission control protocol signaling packets trailers, and forward the transmission control protocol signaling packets and the trailers to a network connected device for further evaluation.

10. The machine of claim 9 wherein each trailer of the trailers includes a field indicating whether the packet is on the first side of a network address translator or a second side of a network address translator.

11. The machine of claim 9 wherein each trailer of the trailers includes a timestamp.

12. The machine of claim 9 wherein each trailer of the trailers includes a network device identification.

13. The machine of claim 9 wherein each trailer of the trailers includes a port identification.

14. The machine of claim 9 wherein each trailer of the trailers includes a hash of packet contents that omits a source internet protocol address and a destination internet protocol address.