Abstract: A network traffic distribution device (e.g., a network tap or similar device) is configured to receive and analyze captured network traffic data packets that include tunneling IDs (e.g., GTP tunneling IDs) and, based on that analysis, to distribute those data packets in such a way that data packets with the same tunneling IDs are distributed to a common egress port of the network traffic distribution device. In some cases, each flow of data packets with a common tunneling ID is sent to a unique external device, while in other cases, two or more traffic flows, each with packets having respective, common tunneling IDs may be provided to the same external device, either via a common egress port of the network traffic monitoring device or via separate egress ports thereof.

Abstract: Systems, devices, and methods for finding a captured data packet including a data pattern of interest are herein provided. The captured data packet may be included in the traffic flow of data packets received at a network captured traffic distribution device and may be found by scanning the payload portions of data packets included in the traffic flow to find a data packet including a data content pattern of interest. An egress port of the network captured traffic distribution device associated with a found data packet may be determined based upon the data pattern of interest detected in the payload portion of the found data packet and the found data packet may then be transmitted to its assigned egress port.

Abstract: Systems, devices, and methods for finding a captured data packet including a data pattern of interest and data packets associated with the found data packet are herein provided. A traffic flow of captured data packets may be received by a network captured traffic distribution device and may be duplicated. A traffic flow of captured data packets may be scanned for data packets including a data pattern of interest and identifying information may be determined for any found data packets. A duplicate traffic flow of captured data packets may also be scanned for data packets with identifying information that matches a found data packet. An egress port for the found data packet may be determined and both the found data packet and any data packets with identifying information matching found data packet might be transmitted to the determined egress port.

Abstract: Systems, apparatus, and methods for modifying a captured data packet included in a traffic flow of captured data packets are described. A captured data packet may be analyzed in order to, for example, locate a predefined segment of data included in the received captured data packet, determine a type of data included in the data packet, and determine content included in the data packet. The data packet may then be modified based upon the analysis. Exemplary modifications include deleting a portion of the data included in the data packet, truncating the data packet, and modifying data included in the predefined segment.

Abstract: Systems, apparatus, and methods for inserting information into a captured data packet included in a traffic flow of captured data packets are herein disclosed. Exemplary information inserted into a capture data packet includes a data segment, a time stamp, port stamp, a virtual local area network (VLAN) tag, Gateway General Packet Radio Service (GPRS) Tunneling Protocol (GTP) information, and multi-protocol label switching (MPLS) information.

Abstract: A network traffic distribution device (e.g., a network tap or similar device) is configured to receive and analyze captured network traffic data packets that include tunneling IDs (e.g., GTP tunneling IDs) and, based on that analysis, to distribute those data packets in such a way that data packets with the same tunneling IDs are distributed to a common egress port of the network traffic distribution device. In some cases, each flow of data packets with a common tunneling ID is sent to a unique external device, while in other cases, two or more traffic flows, each with packets having respective, common tunneling IDs may be provided to the same external device, either via a common egress port of the network traffic monitoring device or via separate egress ports thereof.

Abstract: Data packets received at network traffic distribution device are analyzed to determine whether they include unwanted information, and, if so, the network traffic distribution device removes the unwanted information and then transmits the data packets, absent the unwanted information, to an assigned egress port (e.g., a monitor port communicatively coupled to a monitoring device). The flow of data packets may be received at the network traffic distribution device from a mirror port resident on a source of the captured data packets and/or a traffic capture point located along a communication link between two communicating devices within a network. In addition to analyzing the data packets and removing unwanted information therefrom, the network traffic distribution device may perform additional operations on the data packets as well.

Abstract: An intelligent fast switch-over network active tap system enables active monitoring of a network segment connected between network devices. A fail-safe relay subsystem is coupled between a pair of network ports, enabling transmission of network communications signals through a passive cross-connect between the network ports or through an active bridge subsystem. The active bridge subsystem is capable of independently establishing network links with the network devices, and a separate network link with a monitoring device. A controller manages operation of the relay and active bridge subsystems, including switches between passive and active network transmission through the tap system and to determine and establish the active network links subject to symmetric network link parameters and state. Thereby, the network link status of the connected network devices is preserved on switch between active and passive transmission and correctly reflected in the presence of link and power failures.

Abstract: Methods, systems, computer-readable media, and devices for transmitting received captured traffic through a stacked topology of network captured traffic distribution devices are provided. An exemplary system may include a source of captured network traffic, a plurality of stacked network captured traffic distribution devices arranged in a stacked topology, and an external device. On some occasions, one or more of the network captured traffic distribution devices may be associated with unique IP address and the system may further include a web browser. The web browser may be enabled to communicate with each of the plurality of stacked network captured traffic distribution devices via their respective unique IP address.

Abstract: A network captured traffic distribution device including a plurality of bi-directional ports, an egress port, a stacking port, and a processor is disclosed. The stacking port may be configured to enable the stacking of the network captured traffic distribution device with at least one additional network captured traffic distribution device in a stacked topology. The stacking may include, for example, an exchange of configuration information between the network captured traffic distribution device and an additional network captured traffic distribution device included in the stacked topology. Methods, systems, and apparatus for enabling the stacking of a network captured traffic distribution device to an additional network captured traffic distribution device in a stacked topology are also provided.

Abstract: Methods, systems, computer-readable media, and devices for filtering captured network traffic received by a network captured traffic distribution device communicatively coupled to a plurality of network captured network traffic distribution devices arranged in a stacked topology are described. Methods, systems, computer-readable media, and devices for applying a plurality of filters to received captured network traffic by a network captured traffic distribution device communicatively coupled to a plurality of network captured network traffic distribution devices arranged in a stacked topology are also described. Applying a plurality of filters to the received captured traffic may generate a plurality of filtered captured traffic sets. In some instances, filtered captured network traffic sets that have similar target destinations may be aggregated together and transmitted toward the target destination.

Abstract: Methods, systems, computer-readable media, and devices for determining an optimum route for the transmission of a received traffic flow of captured data packets from a network captured traffic distribution device, through a stacked topology of network captured traffic distribution devices, to a target destination are provided. A plurality of routes through a stacked topology may be determined and analyzed according to one or more criterion. An optimum route may then be selected based upon the analysis. On some occasions, the determination of an optimum route may incorporate information regarding operating conditions for the stacked topology.

Abstract: Methods, systems, computer-readable media, and devices for aggregating sets of received captured network traffic by a network captured traffic distribution device communicatively coupled to a plurality of network captured network traffic distribution devices arranged in a stacked topology are described. Systems for aggregating captured network traffic may include a source of captured network traffic, a plurality of stacked network captured traffic distribution devices arranged in a stacked topology such that each network captured traffic distribution device is communicatively coupled via a communication link with at least one additional stacked network captured traffic distribution device, and an external device. In some embodiments, one or more of the stacked network captured traffic distribution devices, source, and/or external device may operate at locations that are geographically disperse from one another.

Abstract: Methods, systems, computer-readable media, and devices for monitoring a stacked topology of network captured traffic distribution devices and/or a device or network connected thereto are described. For example, a network captured traffic distribution device communicatively coupled to a plurality of network captured traffic distribution devices arranged in a stacked topology via a communication link may monitor a status of the stacked topology, a network captured traffic distribution device included in the stacked topology, a network communicatively coupled to the stacked topology, and/or a network device communicatively coupled to the stacked topology. Configuration information included in the network captured traffic distribution device may be updated responsively to the monitoring.

Abstract: Methods, systems, computer-readable media, and devices for automatically configuring a network captured traffic distribution device communicatively coupled to a stacked topology of network captured traffic distribution devices are described. The automatic configuration may include an exchange of configuration information between a first and second network captured traffic distribution device included in a stacked topology. The configuration information of a network captured traffic distribution device may also be automatically updated when, for example, a change is detected in the stacked topology or on a periodic or as needed basis.

Abstract: Methods, systems, and apparatus for generating a stacked topology of network captured traffic distribution devices and/or adding a network captured traffic distribution device to an existing stacked topology are described. A portion of configuration information associated with a first network captured traffic distribution device included in the stacked topology may be exchanged a second network captured traffic distribution device. In one embodiment, it may be determined whether there is a change in the stacked topology and/or a notification that there is a change in the stacked topology may be received by the first and/or second network captured traffic distribution device. The configuration information of the first and/or second network captured traffic distribution device, respectively, may then be updated responsively to the detected change or notification.

Abstract: Methods, systems, computer-readable media, and devices for determining a target destination of captured network traffic received by a network captured traffic distribution device communicatively coupled to a plurality of network captured network traffic distribution devices arranged in a stacked topology responsively to an inserted virtual local area network (VLAN) tag are described. A target destination for a captured data packet may be determined and a VLAN tag may be inserted into the captured data packet responsively to the determined target destination. The data packet may then be transmitted to an intervening network captured traffic distribution device positioned between the network captured traffic distribution device and the target destination. Once received by the intervening network captured traffic distribution device, the target destination of the received data packet may be determined based on the inserted VLAN tag. The received data packet may then be transmitted toward the target destination.

Abstract: A procedure for determining the mode of operation of an Ethernet network during passive monitoring of the network. A passive tap is introduced into a network and configured to operate according to a first Ethernet mode. The tap determines whether or not it is operating in the same mode as that being used by devices within the network segment being monitored. If so, the tap continues to operate in the current mode, otherwise, the tap switches modes and the process repeats until the tap is deemed to be operating in the correct mode.

Abstract: A network data monitoring device provides for the flexible, programmable port-to-multi-port steering of data packet traffic between network port pairs, with tap data streams being directed to any of a plurality of monitor ports. The network data monitoring device is constructed utilizing one or more switching integrated circuits programmed to disable layer-2 routing and impose port-to-multiport data packet steering. Physical layer protocol encoding/decoding circuits enable connectivity to physical network media connectors though a system of fail-safe relays. A system controller, preferably implemented by a microprocessor, is connected to all switching integrated circuits and relays for configuration, status and control. Hardware-based logic selectively in complement to the switching integrated circuits provides for the programmable filtering, modification and programmable steering of data packets through the device.