Patents by Inventor Murali BOMMANA
Murali BOMMANA has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230084792Abstract: A network appliance receives a communication from a client device that includes a request to establish a network connection to a server. Prior to initiating a network connection between the network appliance and the server, the network appliance accesses a server certificate issued by the server. In response to a determination, based on application of a policy to the server certificate, not to decrypt data transmitted between the client device and the server, the network appliance establishes only a single connection between the network appliance and the server. The network appliance transmits encrypted data between the client device and the server over the single connection.Type: ApplicationFiled: October 31, 2022Publication date: March 16, 2023Inventors: Manish Pathak, Kishor Joshi, Murali Bommana
-
Patent number: 11516205Abstract: A network appliance receives a communication from a client device that includes a request to establish a network connection to a server. The network appliance establishes, in response to the communication, a single connection between the network appliance and the server based on application of a policy that causes the network appliance to determine not to decrypt data transmitted between the client device and the server. The network appliance transmits encrypted data between the client device and the server over the single connection.Type: GrantFiled: March 13, 2019Date of Patent: November 29, 2022Assignee: Gigamon Inc.Inventors: Manish Pathak, Kishor Joshi, Murali Bommana
-
Patent number: 11165682Abstract: A method performed by a network device includes: receiving a first packet by the network device, wherein the first packet is tapped from a network; identifying a session to which the first packet belongs when the first packet has one or more values that at least partially match one or more terms, wherein the act of identifying the session is performed by the network device; receiving a second packet by the network device; determining whether the second packet belongs to the session; and performing a packet processing action by the network device based on the identified session; wherein the session is identified based on a first criterion, and the act of determining whether the second packet belongs to the session is performed based on a second criterion that is different from the first criterion.Type: GrantFiled: June 21, 2017Date of Patent: November 2, 2021Assignee: Gigamon Inc.Inventors: Shehzad Merchant, David Cheung, Murali Bommana
-
Patent number: 11019044Abstract: A network appliance stores a session identifier that uniquely identifies a network communication session between a first device and the network appliance. A first communication is received from the first device over the network communication session. The network appliance also receives from a proxy tool, a second communication that includes a header specifying the session identifier and that includes data generated by the proxy in response to the first communication. The network appliance associates the first communication with the second communication using the session identifier. An encrypted representation of the data generated by the proxy is transmitted to a second device based on the association between the first communication and the second communication.Type: GrantFiled: March 8, 2019Date of Patent: May 25, 2021Assignee: Gigamon Inc.Inventors: Manish Pathak, Kishor Joshi, Murali Bommana
-
Patent number: 10999188Abstract: A method of operating a network visibility node is disclosed. In certain embodiments, the network visibility node has a plurality of network ports through which to communicate data with a plurality of network hosts and has a plurality of tool ports through which to communicate data with a plurality of network tools. The network visibility node accesses a port group map associated with a plurality of tool port groups of the network visibility node, where each of the tool port groups includes one or more tool ports of the network visibility node, and where the port group map contains a separate tool alias for each tool port group of the plurality of tool port groups. Each tool alias can correspond to a different type of network traffic. The network visibility node uses the port group map to ascertain a tool port group through which to communicate the plurality of packets with a particular network tool.Type: GrantFiled: January 22, 2020Date of Patent: May 4, 2021Assignee: Gigamon Inc.Inventors: Dominick Cafarelli, Murali Bommana, Tushar Jagtap
-
Publication number: 20200296087Abstract: A network appliance receives a communication from a client device that includes a request to establish a network connection to a server. The network appliance establishes, in response to the communication, a single connection between the network appliance and the server based on application of a policy that causes the network appliance to determine not to decrypt data transmitted between the client device and the server. The network appliance transmits encrypted data between the client device and the server over the single connection.Type: ApplicationFiled: March 13, 2019Publication date: September 17, 2020Inventors: Manish Pathak, Kishor Joshi, Murali Bommana
-
Publication number: 20200287881Abstract: A network appliance stores a session identifier that uniquely identifies a network communication session between a first device and the network appliance. A first communication is received from the first device over the network communication session. The network appliance also receives from a proxy tool, a second communication that includes a header specifying the session identifier and that includes data generated by the proxy in response to the first communication. The network appliance associates the first communication with the second communication using the session identifier. An encrypted representation of the data generated by the proxy is transmitted to a second device based on the association between the first communication and the second communication.Type: ApplicationFiled: March 8, 2019Publication date: September 10, 2020Inventors: Manish Pathak, Kishor Joshi, Murali Bommana
-
Patent number: 10505834Abstract: A method performed by a network device includes: receiving a first packet by the network device, wherein the first packet is tapped from a network; identifying a session to which the first packet belongs when the first packet has one or more values that at least partially match one or more terms, wherein the act of identifying the session is performed by the network device; receiving a second packet by the network device; determining whether the second packet belongs to the session; and performing a packet processing action by the network device based on the identified session; wherein the session is identified based on a first criterion, and the act of determining whether the second packet belongs to the session is performed based on a second criterion that is different from the first criterion.Type: GrantFiled: March 27, 2015Date of Patent: December 10, 2019Assignee: Gigamon Inc.Inventors: Shehzad Merchant, David Cheung, Murali Bommana
-
Patent number: 10243862Abstract: A method for sampling packets for a network flow, includes: receiving a packet at a network port of a network switch appliance, the network switch appliance comprising an instrument port for communication with a network monitoring instrument; determining whether the packet belongs to a network flow that is desired to be monitored, wherein the act of determining is performed based at least in part on one or more information in a control plane using a processing unit; and passing the packet to the instrument port if the packet belongs to the network flow.Type: GrantFiled: March 14, 2014Date of Patent: March 26, 2019Assignee: Gigamon Inc.Inventors: Dominick Cafarelli, Murali Bommana, Sandeep Dahiya, Jesse C. Shu, Anoop V. Kartha
-
Publication number: 20170324639Abstract: A method performed by a network device includes: receiving a first packet by the network device, wherein the first packet is tapped from a network; identifying a session to which the first packet belongs when the first packet has one or more values that at least partially match one or more terms, wherein the act of identifying the session is performed by the network device; receiving a second packet by the network device; determining whether the second packet belongs to the session; and performing a packet processing action by the network device based on the identified session; wherein the session is identified based on a first criterion, and the act of determining whether the second packet belongs to the session is performed based on a second criterion that is different from the first criterion.Type: ApplicationFiled: June 21, 2017Publication date: November 9, 2017Inventors: Shehzad MERCHANT, David CHEUNG, Murali BOMMANA
-
Patent number: 9722955Abstract: A switch appliance includes a first network port for communication with a first node, where the first network port is configured to receive a packet, and a second network port for communication with a second node. The switch appliance further includes a first instrument port for communication with a first inline tool, a buffer, and a processing unit coupled to the first network port, the second network port, the first instrument port and the buffer. The processing unit is configured to determine whether a packet processing state has been set as an inline-tool processing state or a bypass state, and is configured to pass the packet to the second network port for transmission to the second node, and to store a copy of the packet in the buffer, if the packet processing state has not been set as the inline-tool processing state nor the bypass state.Type: GrantFiled: July 27, 2015Date of Patent: August 1, 2017Assignee: Gigamon Inc.Inventors: Hung Nguyen, Murali Bommana
-
Publication number: 20170034078Abstract: A switch appliance includes: a first network port for communication with a first node, the first network port configured to receive a packet; a second network port for communication with a second node; a first instrument port for communication with a first inline tool; a buffer; and a processing unit coupled to the first network port, the second network port, the first instrument port, and the buffer; wherein the processing unit is configured to determine whether a packet processing state has been set as an inline-tool processing state or a bypass state; wherein the processing unit is configured to pass the packet to the second network port for transmission to the second node, and also to store a copy of the packet in the buffer, if the packet processing state has not been set as the inline-tool processing state nor the bypass state.Type: ApplicationFiled: July 27, 2015Publication date: February 2, 2017Applicant: GIGAMON INC.Inventors: Hung NGUYEN, Murali BOMMANA
-
Publication number: 20160285713Abstract: A method performed by a network device includes: receiving a first packet by the network device, wherein the first packet is tapped from a network; identifying a session to which the first packet belongs when the first packet has one or more values that at least partially match one or more terms, wherein the act of identifying the session is performed by the network device; receiving a second packet by the network device; determining whether the second packet belongs to the session; and performing a packet processing action by the network device based on the identified session; wherein the session is identified based on a first criterion, and the act of determining whether the second packet belongs to the session is performed based on a second criterion that is different from the first criterion.Type: ApplicationFiled: March 27, 2015Publication date: September 29, 2016Applicant: Gigamon Inc.Inventors: Shehzad MERCHANT, David CHEUNG, Murali BOMMANA
-
Publication number: 20140321278Abstract: A method for sampling packets for a network flow, includes: receiving a packet at a network port of a network switch appliance, the network switch appliance comprising an instrument port for communication with a network monitoring instrument; determining whether the packet belongs to a network flow that is desired to be monitored, wherein the act of determining is performed based at least in part on one or more information in a control plane using a processing unit; and passing the packet to the instrument port if the packet belongs to the network flow.Type: ApplicationFiled: March 14, 2014Publication date: October 30, 2014Applicant: Gigamon Inc.Inventors: Dominick CAFARELLI, Murali BOMMANA, Sandeep DAHIYA, Jesse C. SHU, Anoop V. KARTHA
-
Patent number: 8873557Abstract: A method of packet processing includes receiving a first packet that includes a header, the header having a plurality of fields, one of the plurality of fields being an identification field, determining an identification value for the identification field in the header of the first packet, determining whether the identification value of the first packet matches an identification value in a header of a second packet, and using another one of the fields in the header of the first packet to determine whether the first packet is a duplicate packet when the identification value of the first packet matches the identification value of the second packet.Type: GrantFiled: April 8, 2011Date of Patent: October 28, 2014Assignee: Gigamon Inc.Inventors: Hung Nguyen, Sandeep Dahiya, Murali Bommana
-
Publication number: 20120257627Abstract: A method of packet processing includes receiving a first packet that includes a header, the header having a plurality of fields, one of the plurality of fields being an identification field, determining an identification value for the identification field in the header of the first packet, determining whether the identification value of the first packet matches an identification value in a header of a second packet, and using another one of the fields in the header of the first packet to determine whether the first packet is a duplicate packet when the identification value of the first packet matches the identification value of the second packet.Type: ApplicationFiled: April 8, 2011Publication date: October 11, 2012Inventors: Hung NGUYEN, Sandeep DAHIYA, Murali BOMMANA