Abstract: Network traffic associated with a user is lawfully intercepted by mirroring data packets flowing to and from the user for which interception has been designated. A unique packet structure enables analysis of mirrored data packets of any network type. In one implementation, a packet structure comprises routable packets that encapsulate the mirrored packet stream. The routable packet structure may be formed by prepending a correlation header to each mirrored packet. The correlation header includes a routing header to allow the mirrored packets to be transportable across the public Internet. In addition, an intercept header may be embedded within the correlation header to easily support various analyzer-specific implementations. The intercept header may include a version field that is extensible for the various analyzer implementations.

Abstract: Network traffic associated with a user is lawfully intercepted by mirroring data packets flowing to and from the user for which interception has been designated. A unique packet structure enables analysis of mirrored data packets of any network type. In one implementation, a packet structure comprises routable packets that encapsulate the mirrored packet stream. The routable packet structure may be formed by prepending a correlation header to each mirrored packet. The correlation header includes a routing header to allow the mirrored packets to be transportable across the public Internet. In addition, an intercept header may be embedded within the correlation header to easily support various analyzer-specific implementations. The intercept header may include a version field that is extensible for the various analyzer implementations.

Abstract: A device associated with the authentication of a user on a network, i.e., an “authentication device,” initiates lawful interception of network traffic associated with the user. The authentication device communicates with a network service device, such as an edge router, providing network access or other services to the user to enable and disable monitoring of the network user. The authentication device may issue intercept requests to the network service device upon authenticating the network user during login or at any time while the network user's session is in progress. Upon receiving an intercept request from the authentication device, the network service device mirrors data packets flowing to and from the network user for which interception has been designated. The mirrored packets are sent to an analyzer, which analyzes the packets and provides packet analysis information to a law enforcement agency.

Abstract: Methods and systems consistent with the present invention provide a way to provide optimal delivery of multicast content by retail ISPs in a wholesale aggregation network environment. A broadband network gateway dynamically informs an access node of a mapping between a multicast domain corresponding to the retail service provider, allowing the gateway to send multicast data to the access node for replication to subscribers instead of replicating the multicast data at the gateway. The gateway dynamically informs the access node of the mapping using a standardized access node control protocol. The gateway can also dynamically instruct the access node to update or delete the mapping.