Abstract: A network monitoring device may receive, from a mediation device, flow-tap content data (generated by the mediation device based on current and/or previous investigation reports associated with flow tapping) that needs to be monitored. The network monitoring device may map the content data to a flow-tap content destination address of a content destination device in an entry of a flow-tap content filter. The network monitoring device may analyze, using the flow-tap content filter, network traffic of the network to detect a traffic flow that includes the content data. The network monitoring device may generate, based on successfully detecting a traffic flow that includes the content data, a traffic flow copy and may provide the traffic flow copy to the flow-tap content destination address, wherein the traffic flow copy is to be accessible to the content destination device to enable a context analysis of the content data.

Abstract: A network monitoring device may receive, from a mediation device, flow-tap content data (generated by the mediation device based on current and/or previous investigation reports associated with flow tapping) that needs to be monitored. The network monitoring device may map the content data to a flow-tap content destination address of a content destination device in an entry of a flow-tap content filter. The network monitoring device may analyze, using the flow-tap content filter, network traffic of the network to detect a traffic flow that includes the content data. The network monitoring device may generate, based on successfully detecting a traffic flow that includes the content data, a traffic flow copy and may provide the traffic flow copy to the flow-tap content destination address, wherein the traffic flow copy is to be accessible to the content destination device to enable a context analysis of the content data.

Abstract: A network device ensures availability of content destination devices, and may receive a request to install a filter, and the request may include information identifying a set of content destination devices capable of receiving packets that match the filter, and priority values indicating priorities by which the set of content destination devices are to receive the packets. The network device may receive status indications indicating availabilities associated with the set of content destination devices, and may receive a packet destined for an endpoint device. The network device may generate a copy of the packet, and may determine that a packet feature matches the filter. The network device may select a particular content destination device, from the set of content destination devices, based on the priority values and the status indications, and may cause the copy of the packet to be forwarded to the particular content destination device.

Abstract: A network monitoring device may receive flow-tap information that identifies a traffic flow characteristic and a signed URL associated with a signed URL platform from a mediation device. The network device may map the traffic flow characteristic to the signed URL in an entry of a flow-tap filter that is maintained within a data structure of the network device. The network device may analyze, using the flow-tap filter, network traffic of the network to detect a traffic flow that is associated with the traffic flow characteristic. The network device may generate, based on detecting the traffic flow in the network traffic, a traffic flow copy that is associated with the traffic flow. The network device may provide, based on the signed URL, the traffic flow copy to the signed URL platform, wherein the traffic flow copy is to be accessible to an authorized user device via the signed URL.

Abstract: A network monitoring device may receive, from a mediation device, flow-tap geolocation information that identifies a geographical location (e.g., that is derived based on current and/or previous flow-tap investigation reports) and may obtain, from a geographical Internet protocol (GeoIP) database and based on the flow-tap geolocation information, a plurality of Internet protocol (IP) addresses that are associated with the geographical location. The network device may map the plurality of IP addresses to a flow-tap content destination address of a content destination device in a plurality of entries of a flow-tap geolocation filter. The network device may detect, based on the flow-tap geolocation filter, a traffic flow that is associated with the geographical location, may generate a traffic flow copy, and may provide the traffic flow copy to the flow-tap content destination address, wherein the traffic flow copy is to be accessible to the content destination to enable a context analysis of the traffic flow.

Abstract: A network device ensures availability of content destination devices, and may receive a request to install a filter, and the request may include information identifying a set of content destination devices capable of receiving packets that match the filter, and priority values indicating priorities by which the set of content destination devices are to receive the packets. The network device may receive status indications indicating availabilities associated with the set of content destination devices, and may receive a packet destined for an endpoint device. The network device may generate a copy of the packet, and may determine that a packet feature matches the filter. The network device may select a particular content destination device, from the set of content destination devices, based on the priority values and the status indications, and may cause the copy of the packet to be forwarded to the particular content destination device.

Abstract: A network device may receive a request to install a filter associated with an application identifier or a uniform resource locator (URL), and may add, based on the request, information identifying the filter to a list of filters associated with the network device. The network device may receive a packet destined for an endpoint device, may generate a copy of the packet, and may cause the packet to be forwarded to the endpoint device. The network device may perform deep packet inspection of the copy to identify a packet application identifier or a packet URL, and may determine whether the packet application identifier or the packet URL matches the application identifier or the URL. The network device may cause the copy of the packet to be forwarded to a content destination device when the packet application identifier or the packet URL matches the application identifier or the URL.

Abstract: A network device ensures availability of content destination devices, and may receive a request to install a filter, and the request may include information identifying a set of content destination devices capable of receiving packets that match the filter, and priority values indicating priorities by which the set of content destination devices are to receive the packets. The network device may receive status indications indicating availabilities associated with the set of content destination devices, and may receive a packet destined for an endpoint device. The network device may generate a copy of the packet, and may determine that a packet feature matches the filter. The network device may select a particular content destination device, from the set of content destination devices, based on the priority values and the status indications, and may cause the copy of the packet to be forwarded to the particular content destination device.

Abstract: A network device may receive a request, to install a filter, that includes information identifying a first source address, a first destination address, a content destination device, and a tapping level indicator. The network device may create an additional filter, based on the tapping level indicator, by setting the first destination address as a second source address, determining a third destination address that is a destination for the second source address, and setting the third destination address as a third source address. The network device may add the filter and the additional filter to a list of filters, and may receive, from source devices, packets destined for destination devices. The network device may generate a copy of a packet, and may determine that the copy of the packet matches the filter or the additional filter. The network device may forward the copy of the packet to the content destination device.

Abstract: A network monitoring device may receive flow-tap information that identifies a traffic flow characteristic and a signed URL associated with a signed URL platform from a mediation device. The network device may map the traffic flow characteristic to the signed URL in an entry of a flow-tap filter that is maintained within a data structure of the network device. The network device may analyze, using the flow-tap filter, network traffic of the network to detect a traffic flow that is associated with the traffic flow characteristic. The network device may generate, based on detecting the traffic flow in the network traffic, a traffic flow copy that is associated with the traffic flow. The network device may provide, based on the signed URL, the traffic flow copy to the signed URL platform, wherein the traffic flow copy is to be accessible to an authorized user device via the signed URL.

Abstract: A network monitoring device may receive flow-tap information that identifies a traffic flow characteristic and a signed URL associated with a signed URL platform from a mediation device. The network device may map the traffic flow characteristic to the signed URL in an entry of a flow-tap filter that is maintained within a data structure of the network device. The network device may analyze, using the flow-tap filter, network traffic of the network to detect a traffic flow that is associated with the traffic flow characteristic. The network device may generate, based on detecting the traffic flow in the network traffic, a traffic flow copy that is associated with the traffic flow. The network device may provide, based on the signed URL, the traffic flow copy to the signed URL platform, wherein the traffic flow copy is to be accessible to an authorized user device via the signed URL.

Abstract: A network monitoring device may receive flow-tap information that identifies a traffic flow characteristic and a signed URL associated with a signed URL platform from a mediation device. The network device may map the traffic flow characteristic to the signed URL in an entry of a flow-tap filter that is maintained within a data structure of the network device. The network device may analyze, using the flow-tap filter, network traffic of the network to detect a traffic flow that is associated with the traffic flow characteristic. The network device may generate, based on detecting the traffic flow in the network traffic, a traffic flow copy that is associated with the traffic flow. The network device may provide, based on the signed URL, the traffic flow copy to the signed URL platform, wherein the traffic flow copy is to be accessible to an authorized user device via the signed URL.

Abstract: A network monitoring device may receive, from a mediation device, flow-tap geolocation information that identifies a geographical location (e.g., that is derived based on current and/or previous flow-tap investigation reports) and may obtain, from a geographical Internet protocol (GeoIP) database and based on the flow-tap geolocation information, a plurality of Internet protocol (IP) addresses that are associated with the geographical location. The network device may map the plurality of IP addresses to a flow-tap content destination address of a content destination device in a plurality of entries of a flow-tap geolocation filter. The network device may detect, based on the flow-tap geolocation filter, a traffic flow that is associated with the geographical location, may generate a traffic flow copy, and may provide the traffic flow copy to the flow-tap content destination address, wherein the traffic flow copy is to be accessible to the content destination to enable a context analysis of the traffic flow.

Abstract: A network monitoring device may receive, from a mediation device, flow-tap content data (generated by the mediation device based on current and/or previous investigation reports associated with flow tapping) that needs to be monitored. The network monitoring device may map the content data to a flow-tap content destination address of a content destination device in an entry of a flow-tap content filter. The network monitoring device may analyze, using the flow-tap content filter, network traffic of the network to detect a traffic flow that includes the content data. The network monitoring device may generate, based on successfully detecting a traffic flow that includes the content data, a traffic flow copy and may provide the traffic flow copy to the flow-tap content destination address, wherein the traffic flow copy is to be accessible to the content destination device to enable a context analysis of the content data.

Abstract: A network device may receive a request, to install a filter, that includes information identifying a first source address, a first destination address, a content destination device, and a tapping level indicator. The network device may create an additional filter, based on the tapping level indicator, by setting the first destination address as a second source address, determining a third destination address that is a destination for the second source address, and setting the third destination address as a third source address. The network device may add the filter and the additional filter to a list of filters, and may receive, from source devices, packets destined for destination devices. The network device may generate a copy of a packet, and may determine that the copy of the packet matches the filter or the additional filter. The network device may forward the copy of the packet to the content destination device.

Abstract: A network device may receive a request to install a filter associated with an application identifier or a uniform resource locator (URL), and may add, based on the request, information identifying the filter to a list of filters associated with the network device. The network device may receive a packet destined for an endpoint device, may generate a copy of the packet, and may cause the packet to be forwarded to the endpoint device. The network device may perform deep packet inspection of the copy to identify a packet application identifier or a packet URL, and may determine whether the packet application identifier or the packet URL matches the application identifier or the URL. The network device may cause the copy of the packet to be forwarded to a content destination device when the packet application identifier or the packet URL matches the application identifier or the URL.