Abstract: A network appliance receives a communication from a client device that includes a request to establish a network connection to a server. Prior to initiating a network connection between the network appliance and the server, the network appliance accesses a server certificate issued by the server. In response to a determination, based on application of a policy to the server certificate, not to decrypt data transmitted between the client device and the server, the network appliance establishes only a single connection between the network appliance and the server. The network appliance transmits encrypted data between the client device and the server over the single connection.

Abstract: A network appliance receives a communication from a client device that includes a request to establish a network connection to a server. The network appliance establishes, in response to the communication, a single connection between the network appliance and the server based on application of a policy that causes the network appliance to determine not to decrypt data transmitted between the client device and the server. The network appliance transmits encrypted data between the client device and the server over the single connection.

Abstract: A method performed by a network device includes: receiving a first packet by the network device, wherein the first packet is tapped from a network; identifying a session to which the first packet belongs when the first packet has one or more values that at least partially match one or more terms, wherein the act of identifying the session is performed by the network device; receiving a second packet by the network device; determining whether the second packet belongs to the session; and performing a packet processing action by the network device based on the identified session; wherein the session is identified based on a first criterion, and the act of determining whether the second packet belongs to the session is performed based on a second criterion that is different from the first criterion.

Abstract: A network appliance stores a session identifier that uniquely identifies a network communication session between a first device and the network appliance. A first communication is received from the first device over the network communication session. The network appliance also receives from a proxy tool, a second communication that includes a header specifying the session identifier and that includes data generated by the proxy in response to the first communication. The network appliance associates the first communication with the second communication using the session identifier. An encrypted representation of the data generated by the proxy is transmitted to a second device based on the association between the first communication and the second communication.

Abstract: A method of operating a network visibility node is disclosed. In certain embodiments, the network visibility node has a plurality of network ports through which to communicate data with a plurality of network hosts and has a plurality of tool ports through which to communicate data with a plurality of network tools. The network visibility node accesses a port group map associated with a plurality of tool port groups of the network visibility node, where each of the tool port groups includes one or more tool ports of the network visibility node, and where the port group map contains a separate tool alias for each tool port group of the plurality of tool port groups. Each tool alias can correspond to a different type of network traffic. The network visibility node uses the port group map to ascertain a tool port group through which to communicate the plurality of packets with a particular network tool.

Abstract: A network appliance receives a communication from a client device that includes a request to establish a network connection to a server. The network appliance establishes, in response to the communication, a single connection between the network appliance and the server based on application of a policy that causes the network appliance to determine not to decrypt data transmitted between the client device and the server. The network appliance transmits encrypted data between the client device and the server over the single connection.

Abstract: A network appliance stores a session identifier that uniquely identifies a network communication session between a first device and the network appliance. A first communication is received from the first device over the network communication session. The network appliance also receives from a proxy tool, a second communication that includes a header specifying the session identifier and that includes data generated by the proxy in response to the first communication. The network appliance associates the first communication with the second communication using the session identifier. An encrypted representation of the data generated by the proxy is transmitted to a second device based on the association between the first communication and the second communication.

Abstract: A method performed by a network device includes: receiving a first packet by the network device, wherein the first packet is tapped from a network; identifying a session to which the first packet belongs when the first packet has one or more values that at least partially match one or more terms, wherein the act of identifying the session is performed by the network device; receiving a second packet by the network device; determining whether the second packet belongs to the session; and performing a packet processing action by the network device based on the identified session; wherein the session is identified based on a first criterion, and the act of determining whether the second packet belongs to the session is performed based on a second criterion that is different from the first criterion.

Abstract: A method for sampling packets for a network flow, includes: receiving a packet at a network port of a network switch appliance, the network switch appliance comprising an instrument port for communication with a network monitoring instrument; determining whether the packet belongs to a network flow that is desired to be monitored, wherein the act of determining is performed based at least in part on one or more information in a control plane using a processing unit; and passing the packet to the instrument port if the packet belongs to the network flow.

Abstract: A method performed by a network device includes: receiving a first packet by the network device, wherein the first packet is tapped from a network; identifying a session to which the first packet belongs when the first packet has one or more values that at least partially match one or more terms, wherein the act of identifying the session is performed by the network device; receiving a second packet by the network device; determining whether the second packet belongs to the session; and performing a packet processing action by the network device based on the identified session; wherein the session is identified based on a first criterion, and the act of determining whether the second packet belongs to the session is performed based on a second criterion that is different from the first criterion.

Abstract: A switch appliance includes a first network port for communication with a first node, where the first network port is configured to receive a packet, and a second network port for communication with a second node. The switch appliance further includes a first instrument port for communication with a first inline tool, a buffer, and a processing unit coupled to the first network port, the second network port, the first instrument port and the buffer. The processing unit is configured to determine whether a packet processing state has been set as an inline-tool processing state or a bypass state, and is configured to pass the packet to the second network port for transmission to the second node, and to store a copy of the packet in the buffer, if the packet processing state has not been set as the inline-tool processing state nor the bypass state.

Abstract: A switch appliance includes: a first network port for communication with a first node, the first network port configured to receive a packet; a second network port for communication with a second node; a first instrument port for communication with a first inline tool; a buffer; and a processing unit coupled to the first network port, the second network port, the first instrument port, and the buffer; wherein the processing unit is configured to determine whether a packet processing state has been set as an inline-tool processing state or a bypass state; wherein the processing unit is configured to pass the packet to the second network port for transmission to the second node, and also to store a copy of the packet in the buffer, if the packet processing state has not been set as the inline-tool processing state nor the bypass state.

Abstract: A method performed by a network device includes: receiving a first packet by the network device, wherein the first packet is tapped from a network; identifying a session to which the first packet belongs when the first packet has one or more values that at least partially match one or more terms, wherein the act of identifying the session is performed by the network device; receiving a second packet by the network device; determining whether the second packet belongs to the session; and performing a packet processing action by the network device based on the identified session; wherein the session is identified based on a first criterion, and the act of determining whether the second packet belongs to the session is performed based on a second criterion that is different from the first criterion.

Abstract: A method for sampling packets for a network flow, includes: receiving a packet at a network port of a network switch appliance, the network switch appliance comprising an instrument port for communication with a network monitoring instrument; determining whether the packet belongs to a network flow that is desired to be monitored, wherein the act of determining is performed based at least in part on one or more information in a control plane using a processing unit; and passing the packet to the instrument port if the packet belongs to the network flow.

Abstract: A method of packet processing includes receiving a first packet that includes a header, the header having a plurality of fields, one of the plurality of fields being an identification field, determining an identification value for the identification field in the header of the first packet, determining whether the identification value of the first packet matches an identification value in a header of a second packet, and using another one of the fields in the header of the first packet to determine whether the first packet is a duplicate packet when the identification value of the first packet matches the identification value of the second packet.

Abstract: A method of packet processing includes receiving a first packet that includes a header, the header having a plurality of fields, one of the plurality of fields being an identification field, determining an identification value for the identification field in the header of the first packet, determining whether the identification value of the first packet matches an identification value in a header of a second packet, and using another one of the fields in the header of the first packet to determine whether the first packet is a duplicate packet when the identification value of the first packet matches the identification value of the second packet.