Abstract: A computer-based method for providing information about a potential security incident ascertained from received internet protocol (IP) packets is described. The method includes capturing IP packets from a network, stripping packet header data from the captured IP packets, calculating a cyclic redundancy code (CRC) from one or more fields of the packet header data, determining whether any packet header data has occurred multiple times by comparing the calculated CRC to stored CRCs in each of successive entries in a cache, and storing, in a database, only a single instance of packet header data for any packet header data that is determined to have occurred multiple times.

Abstract: A computer-based method for providing information about a potential security incident ascertained from received internet protocol (IP) packets is described. The method includes capturing IP packets from a network, stripping packet header data from the captured IP packets, calculating a cyclic redundancy code (CRC) from one or more fields of the packet header data, determining whether any packet header data has occurred multiple times by comparing the calculated CRC to stored CRCs in each of successive entries in a cache, and storing, in a database, only a single instance of packet header data for any packet header data that is determined to have occurred multiple times.

Abstract: A computer-based method for providing information about a potential security incident ascertained from received internet protocol (IP) packets is described. The method includes capturing IP packets from a computer network, stripping packet header data from the captured IP packets, reviewing the stripped packet header data for multiple occurrences of matching packet header data, and storing, in a database, only a single instance of packet header data for any reviewed packet header data that is determined to have occurred multiple times.

Abstract: A computer-based method for depicting the participating devices of a multicast group based on the transmit and the receive activities of the devices in a computer network is described. The method includes extracting, from a database, a single instance of each unique packet header associated with a plurality of multicast packets, the multicast packets having been transmitted across the computer network over a predefined period of time, calculating a number of bytes transferred for each source internet protocol (IP) to destination IP multicast tuple from the extracted packets, determining a location of the source IP address and a bandwidth associated with the source IP address from the extracted packets, determining a location of the devices subscribing to the packets and a bandwidth associated with each of the destination sites, and providing a display of all multicast traffic, wherein the multicast traffic is summarized in a user selectable list.

Abstract: Methods for tracking attacking nodes are described and include extracting, from a database, an instance of each unique packet header associated with IP-to-IP packets transmitted over a time period. The method includes determining from extracted headers, which nodes have attempted to establish a connection with an excessive number of other nodes over a period, identifying these as potential attacking nodes, determining from the headers, which other nodes responded with a TCP SYN/ACK packet indicating a willingness to establish connections, and a potential for compromise. Nodes scanned by potential attacking nodes are disqualified from the identified nodes based on at least one of: data in the headers relating to at least one of an amount of data transferred, and scanning activities conducted by the nodes that responded to a potential attacking node with a TCP SYN/ACK packet. Any remaining potential attacking nodes and scanned nodes are presented to a user.

Abstract: A system and method for enhancing financial institution revenue through acceleration of debit processing is provided. The method includes modeling the processing of account debit transactions, identifying ways to accelerate the processing of the account debit transactions and accelerating the account debit transactions. In a further embodiment, account debit transaction processing is accelerated from beginning on what has traditionally been referred to as Day 0 to beginning on some day before Day 0.

Abstract: A computer-based method for collecting and storing types and quantities of traffic passing through an internet protocol (IP) network is described. The method includes extracting, from a database, a single instance of each unique packet header associated with a plurality of IP-to-IP packets, the IP-to-IP packets having been transmitted across the computer network over a predefined period of time, determining a highest probability service port for each IP-to-IP packet combination using the extracted packet headers, accumulating all IP-to-IP-on-Port packet combinations into a single record, the single record including a first packet time, a last packet time, and a total number of bytes transferred, storing the records for all IP-to-IP-on-Port conversations in the database, accumulating the packets based on IP-to-IP-on-protocol if the packets were part of a protocol where port numbers do not exist, and storing the accumulated packets where port numbers do not exist in the database.

Abstract: A computer-based method for detecting anomalies in the traffic passing through an internet protocol (IP) network is described. The method includes extracting, from a database, a single instance of each unique packet header associated with a plurality of IP-to-IP packets, the IP-to-IP packets having been transmitted across the IP network over a predefined period of time, analyzing the packet headers to identify anomalous conversations based on at least one of a conversation uniqueness, a time of week uniqueness, and a data quantity uniqueness, and providing alerts corresponding to detected anomalous conversations.

Abstract: A system and method for enhancing financial institution revenue through acceleration of debit processing is provided. The method includes modeling the processing of account debit transactions, identifying ways to accelerate the processing of the account debit transactions and accelerating the account debit transactions. In a further embodiment, account debit transaction processing is accelerated from beginning on what has traditionally been referred to as Day 0 to beginning on some day before Day 0.

Abstract: A computer-based method for detecting anomalies in the traffic passing through an internet protocol (IP) network is described. The method includes extracting, from a database, a single instance of each unique packet header associated with a plurality of IP-to-IP packets, the IP-to-IP packets having been transmitted across the IP network over a predefined period of time, analyzing the packet headers to identify anomalous conversations based on at least one of a conversation uniqueness, a time of week uniqueness, and a data quantity uniqueness, and providing alerts corresponding to detected anomalous conversations.

Abstract: Methods for tracking attacking nodes are described and include extracting, from a database, an instance of each unique packet header associated with IP-to-IP packets transmitted over a time period. The method includes determining from extracted headers, which nodes have attempted to establish a connection with an excessive number of other nodes over a period, identifying these as potential attacking nodes, determining from the headers, which other nodes responded with a TCP SYN/ACK packet indicating a willingness to establish connections, and a potential for compromise. Nodes scanned by potential attacking nodes are disqualified from the identified nodes based on at least one of: data in the headers relating to at least one of an amount of data transferred, and scanning activities conducted by the nodes that responded to a potential attacking node with a TCP SYN/ACK packet. Any remaining potential attacking nodes and scanned nodes are presented to a user.

Abstract: A computer-based method for providing information about a potential security incident ascertained from received internet protocol (IP) packets is described. The method includes capturing IP packets from a computer network, stripping packet header data from the captured IP packets, reviewing the stripped packet header data for multiple occurrences of matching packet header data, and storing, in a database, only a single instance of packet header data for any reviewed packet header data that is determined to have occurred multiple times.

Abstract: A computer-based method for collecting and storing types and quantities of traffic passing through an internet protocol (IP) network is described. The method includes extracting, from a database, a single instance of each unique packet header associated with a plurality of IP-to-IP packets, the IP-to-IP packets having been transmitted across the computer network over a predefined period of time, determining a highest probability service port for each IP-to-IP packet combination using the extracted packet headers, accumulating all IP-to-IP-on-Port packet combinations into a single record, the single record including a first packet time, a last packet time, and a total number of bytes transferred, storing the records for all IP-to-IP-on-Port conversations in the database, accumulating the packets based on IP-to-IP-on-protocol if the packets were part of a protocol where port numbers do not exist, and storing the accumulated packets where port numbers do not exist in the database.

Abstract: A computer-based method for depicting the participating devices of a multicast group based on the transmit and the receive activities of the devices in a computer network is described. The method includes extracting, from a database, a single instance of each unique packet header associated with a plurality of multicast packets, the multicast packets having been transmitted across the computer network over a predefined period of time, calculating a number of bytes transferred for each source internet protocol (IP) to destination IP multicast tuple from the extracted packets, determining a location of the source IP address and a bandwidth associated with the source IP address from the extracted packets, determining a location of the devices subscribing to the packets and a bandwidth associated with each of the destination sites, and providing a display of all multicast traffic, wherein the multicast traffic is summarized in a user selectable list.

Abstract: A system and method for enhancing financial institution revenue through acceleration of debit processing are provided. The method includes modeling the processing of account debit transactions, identifying ways to accelerate the processing of the account debit transactions and accelerating the account debit transactions. In a further embodiment, account debit transaction processing is accelerated from beginning on what has traditionally been referred to as Day 0 to beginning on some day before Day 0. Finally, a method and system are provided to determine the impacts of accelerating the processing of account debit transactions.

Abstract: A system and method for enhancing financial institution revenue through acceleration of debit processing are provided. The method includes modeling the processing of account debit transactions, identifying ways to accelerate the processing of the account debit transactions and accelerating the account debit transactions. In a further embodiment, account debit transaction processing is accelerated from beginning on what has traditionally been referred to as Day 0 to beginning on some day before Day 0. Finally, a method and system are provided to determine the impacts of accelerating the processing of account debit transactions.