System and method for correlating IP flows across network address translation firewalls

System and method for correlating IP flows across network address translation firewalls

Systems and methods are disclosed for correlating IP flows across a NAT firewall. Data packets are captured from a first interface using a monitor probe coupled to the first interface and are correlated into a first group of session records. For each of the first group of session records, a correlat...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
1. Verfasser: IVERSHEN ALEKSEY G
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Systems and methods are disclosed for correlating IP flows across a NAT firewall. Data packets are captured from a first interface using a monitor probe coupled to the first interface and are correlated into a first group of session records. For each of the first group of session records, a correlation key is created using data in one of the packets in the session record. Data packets are captured from a second interface using a monitor probe coupled to the second interface and are correlated into a second group of session records. For each of the second group of session records, a correlation key is created using data in one of the packets in the session record. The correlation key for one of the first group is compared to the correlation keys for each of the second group of session records to identify session records with matching correlation keys.