US 12,367,060 B2
System and method of flow source discovery
Nicholas York, San Ramon, CA (US); Rosanna Lee, Palo Alto, CA (US); Vishal Neema, San Jose, CA (US); and Xiaohong Pan, San Ramon, CA (US)
Assigned to Virtual Instruments Worldwide, Inc., Palo Alto, CA (US)
Filed by Virtual Instruments Worldwide, Inc., Palo Alto, CA (US)
Filed on Oct. 20, 2022, as Appl. No. 18/048,256.
Application 18/048,256 is a continuation of application No. 17/014,878, filed on Sep. 8, 2020, granted, now 11,481,242.
Application 17/014,878 is a continuation of application No. 16/234,402, filed on Dec. 27, 2018, granted, now 10,768,970, issued on Sep. 8, 2020.
Claims priority of provisional application 62/611,892, filed on Dec. 29, 2017.
Prior Publication US 2023/0176890 A1, Jun. 8, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 9/455 (2018.01); G06F 9/50 (2006.01); H04L 41/0233 (2022.01); H04L 41/06 (2022.01); H04L 41/0631 (2022.01); H04L 41/0681 (2022.01); H04L 41/0896 (2022.01); H04L 41/14 (2022.01); H04L 43/026 (2022.01); H04L 43/0876 (2022.01); H04L 43/12 (2022.01); H04L 43/16 (2022.01); H04L 47/2441 (2022.01); H04L 47/2483 (2022.01); H04L 67/10 (2022.01); H04L 67/1097 (2022.01)
CPC G06F 9/45558 (2013.01) [G06F 9/5077 (2013.01); H04L 41/0233 (2013.01); H04L 41/06 (2013.01); H04L 41/065 (2013.01); H04L 41/0681 (2013.01); H04L 41/0896 (2013.01); H04L 41/145 (2013.01); H04L 43/026 (2013.01); H04L 43/0876 (2013.01); H04L 43/12 (2013.01); H04L 43/16 (2013.01); H04L 47/2441 (2013.01); H04L 47/2483 (2013.01); H04L 67/1097 (2013.01); G06F 2009/4557 (2013.01); G06F 2009/45591 (2013.01); G06F 2009/45595 (2013.01); H04L 67/10 (2013.01)]
18 Claims
1. A system comprising:
one or more processors; and
memory containing instructions configured to control the one or more processors to:
receive a period of time for flow source discovery of an enterprise network;
receive network traffic data from network traffic analyzing platforms, including a first network traffic analyzing platform, the network traffic analyzing platforms being in communication with the enterprise network, the network traffic data indicating network traffic into and out of flow sources of the enterprise network, at least one flow source of the flow sources of the enterprise network being a router of switch fabric integrated within the enterprise network, the first network traffic analyzing platform collecting a first flow packet type and a second flow packet type, each of the first flow packet type and the second flow packet type including an associated data packet header;
for each particular flow packet:
identify the particular flow packet as belonging to one of at least two flow packet types based at least in part on a format of the particular flow packet and the associated data packet header associated with the particular flow packet;
when the particular flow packet is of the first flow packet type, identify a flow source of the particular flow packet and at least one metric of the network traffic data, the flow source being one of a plurality of flow sources of the enterprise network, and update a flow source data structure to include the identified flow source and the at least one metric of the network traffic data;
when the particular flow packet is the second flow packet type, the second flow packet type being different from the first flow packet type, identify the flow source associated with the particular flow packet and at least one metric of the network traffic data, and update the flow source data structure to include the identified flow source and the at least one metric of the network traffic data; and
after termination of the period of time, output the flow source data structure, the flow source data structure including the identified flow sources and a plurality of metrics including the at least one metric of the network traffic associated with at least one of the identified flow sources, the flow source data structure enabling an operator of the enterprise network to control and monitor network traffic of the enterprise network.
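
An added illustration of the per-packet loop recited in claim 1, not code from the patent or its assignee. It assumes the two flow packet types are NetFlow v5 and sFlow v5 (formats the claim does not name), takes the flow source to be the exporter address or the sFlow agent address, and uses hypothetical names (`classify`, `discover`) with datagram, record and octet counts as the metrics.

```python
import socket
import struct
from collections import defaultdict

# Assumed wire formats (not named on the page): NetFlow v5 and sFlow v5.
NF5_HDR = struct.Struct("!HHIIIIBBH")                # 24-byte header, 16-bit version
NF5_REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record

def classify(payload):
    """Pick the flow packet type from the header layout alone."""
    if len(payload) >= NF5_HDR.size and payload[:2] == b"\x00\x05":
        return "netflow_v5"
    if len(payload) >= 28 and payload[:4] == b"\x00\x00\x00\x05":
        return "sflow_v5"                            # version is a 32-bit field here
    return None

def parse_netflow_v5(sender, payload):
    count = NF5_HDR.unpack_from(payload)[1]          # header field 1 = record count
    # Field 6 of each record is dOctets; a truncated datagram raises struct.error.
    octets = sum(NF5_REC.unpack_from(payload, NF5_HDR.size + i * NF5_REC.size)[6]
                 for i in range(count))
    return sender, count, octets                     # flow source = exporter address

def parse_sflow_v5(sender, payload):
    alen = {1: 4, 2: 16}.get(struct.unpack_from("!I", payload, 4)[0])
    if alen is None or len(payload) < 8 + alen + 16:
        raise ValueError("bad sFlow v5 agent address")
    family = socket.AF_INET if alen == 4 else socket.AF_INET6
    agent = socket.inet_ntop(family, payload[8:8 + alen])
    samples = struct.unpack_from("!I", payload, 8 + alen + 12)[0]
    return agent, samples, 0                         # flow source = agent field, not sender

PARSERS = {"netflow_v5": parse_netflow_v5, "sflow_v5": parse_sflow_v5}

def discover(datagrams, start, period):
    """datagrams: iterable of (timestamp, sender_ip, udp_payload)."""
    table = defaultdict(lambda: {"types": set(), "datagrams": 0, "records": 0, "octets": 0})
    for ts, sender, payload in datagrams:
        kind = classify(payload)
        if kind is None or not start <= ts < start + period:
            continue                                 # unknown format or outside the window
        try:
            source, records, octets = PARSERS[kind](sender, payload)
        except (ValueError, struct.error):
            continue                                 # malformed input never reaches the table
        row = table[source]
        row["types"].add(kind)
        row["datagrams"] += 1
        row["records"] += records
        row["octets"] += octets
    return dict(table)
```

`discover` returns the table only after the whole input has been filtered against the discovery window, so a source that exports only outside that window does not appear in the output.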