US 12,457,243 B2
Systems and methods for correlating decrypted TLS messages with network data in real time
Tarun M. Tiwari, Plano, TX (US); and John Curtin, Richardson, TX (US)
Assigned to NetScout Systems, Inc., Westford, MA (US)
Filed by NetScout Systems, Inc., Westford, MA (US)
Filed on Mar. 7, 2024, as Appl. No. 18/598,974.
Claims priority of provisional application 63/561,690, filed on Mar. 5, 2024.
Prior Publication US 2025/0286910 A1, Sep. 11, 2025
Int. Cl. H04L 9/40 (2022.01); H04L 65/1069 (2022.01)
CPC H04L 63/166 (2013.01) [H04L 63/0428 (2013.01); H04L 65/1069 (2013.01)]
18 Claims
1. A method comprising:
identifying, by one or more processors via a kernel application executing in a kernel of a server hosting an application, a handshake operation for a communication session between a client device and the server by:
identifying, by the one or more processors via the kernel application, a session identifier for the communication session established with a Transport Layer Security (TLS) library of the server;
retrieving, by the one or more processors via the kernel application, the session identifier for the communication session from one or more handshaking messages of the handshake operation for the communication session;
storing, by the one or more processors via the kernel application, the session identifier in a cache within the kernel;
retrieving, by the one or more processors via the kernel application, one or more data transfer messages of the communication session between the client device and the application hosted by the server after the communication session has been established;
correlating, by the one or more processors via the kernel application, the one or more data transfer messages of the communication session based on the one or more data transfer messages containing the session identifier; and
generating, by the one or more processors via the kernel application, a record comprising the one or more correlated data transfer messages,
wherein the one or more correlated data transfer messages are used to perform network analytics on a network through which the communication session is performed.