Correlating protocol data units transiting networks with differing addressing schemes
A private breadcrumb PDU traverses a Network Address Translator, NAT, and address correlation is performed by placing source information in fields immune from translation as the PDU traverses the NAT. The method includes: detecting, e.g. at sensor A 140, a first protocol data unit, PDU, addressed fr...
Gespeichert in:
| Hauptverfasser: | , , , |
|---|---|
| Format: | Patent |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Zusammenfassung: | A private breadcrumb PDU traverses a Network Address Translator, NAT, and address correlation is performed by placing source information in fields immune from translation as the PDU traverses the NAT. The method includes: detecting, e.g. at sensor A 140, a first protocol data unit, PDU, addressed from a first device in the first network and addressed to a destination in the second network, prior to translation by a network address translator, NAT, 130; inserting, by sensor A, prior to translation from the first addressing scheme to the second addressing scheme, a breadcrumb protocol data unit that is addressed to the second network, the breadcrumb PDU including, in a location immune from address translation by the NAT (e.g. in IP Options, TCP Options or payload field), the source address of the first protocol data unit; receiving, e.g. at sensor B 150, a translated breadcrumb protocol data unit which has maintained the unchanged source information in the translation immune field; and reporting an association of the source address of the first PDU with the translated source address of the first PDU thereby performing address correlation. Sensor A may be located on the first device or in the path to the NAT. |
|---|